BreachExchange mailing list archives
Survey: Nearly Half of All Websites Have Been Breached
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 17 Nov 2015 16:41:32 -0700
http://thevarguy.com/var-guy/survey-nearly-half-all-websites-have-been-breached Just when you think your company’s website is safe or your employees aren’t in danger of security breaches when they’re surfing the web, think again. Nearly half of all websites have at some point been breached, showing the growing importance for threat intelligence sharing among enterprises, according to a recent survey. Forty-seven percent of the 692 IT and IT security practitioners surveyed for the Second Annual Study on Exchanging Cyber Threat Intelligence: There Has to Be a Better Way from the Ponemon Institute said their organization had a material security breach—either external or internal--that involved an attack that compromised the networks or enterprise systems. To mitigate or prevent these threats, sharing threat intelligence seems to be the way forward. Sixty-five percent of those responding to the survey said threat intelligence could have prevented or minimized the consequences of the attack. But the survey also points to hindrances to threat intelligence sharing among organizations even though most agree it would improve companies’ security postures. It seems trust issues are hampering these efforts, respondents said. Sixty-five percent of organizations that only partially participate in threat intelligence sharing cited potential liability of sharing and lack of trust in the sources of intelligence as why they don’t participate more fully, according to the survey. Still, the trend seems to be moving toward more sharing of intelligence rather than not. And when they want to know how better to protect their networks, organizations said they rely on their peers and vendors rather than government officials or law enforcement agencies for threat intelligence. Sixty-five percent of respondents said they engage in informal peer-to-peer exchange of information while 45 percent said they use a vendor threat exchange service, as these constituencies are thought to provide the most actionable information on security threats. To successfully use this threat intelligence to mitigate threats, survey respondents said it needs to be timely and easy to digest and prioritize, factors that need a bit of work. Sixty-six percent of those surveyed who said they are only somewhat or not satisfied with current approaches cited lack of timeliness of the intelligence as the reason. Moreover, 46 percent complained that the information is not categorized according to threat type or attacker, which would be more helpful in allowing them to use the information wisely. All in all, however, organizations seem to be getting smarter about how to collect, disseminate and use threat intelligence, according to the survey, with companies moving to implement centralized programs controlled by dedicated teams to manage the information. This will help improve collaboration on threat intelligence--which is currently hindered by siloing information--and help companies access what they need when they need it to improve their security posture.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Survey: Nearly Half of All Websites Have Been Breached Audrey McNeil (Nov 18)