Survey: Nearly Half of All Websites Have Been Breached

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://thevarguy.com/var-guy/survey-nearly-half-all-websites-have-been-breached

Just when you think your company’s website is safe or your employees aren’t
in danger of security breaches when they’re surfing the web, think again.
Nearly half of all websites have at some point been breached, showing the
growing importance for threat intelligence sharing among enterprises,
according to a recent survey.

Forty-seven percent of the 692 IT and IT security practitioners surveyed
for the Second Annual Study on Exchanging Cyber Threat Intelligence: There
Has to Be a Better Way from the Ponemon Institute said their organization
had a material security breach—either external or internal--that involved
an attack that compromised the networks or enterprise systems.

To mitigate or prevent these threats, sharing threat intelligence seems to
be the way forward. Sixty-five percent of those responding to the survey
said threat intelligence could have prevented or minimized the consequences
of the attack.

But the survey also points to hindrances to threat intelligence sharing
among organizations even though most agree it would improve companies’
security postures. It seems trust issues are hampering these efforts,
respondents said. Sixty-five percent of organizations that only partially
participate in threat intelligence sharing cited potential liability of
sharing and lack of trust in the sources of intelligence as why they don’t
participate more fully, according to the survey.

Still, the trend seems to be moving toward more sharing of intelligence
rather than not. And when they want to know how better to protect their
networks, organizations said they rely on their peers and vendors rather
than government officials or law enforcement agencies for threat
intelligence.

Sixty-five percent of respondents said they engage in informal peer-to-peer
exchange of information while 45 percent said they use a vendor threat
exchange service, as these constituencies are thought to provide the most
actionable information on security threats.

To successfully use this threat intelligence to mitigate threats, survey
respondents said it needs to be timely and easy to digest and prioritize,
factors that need a bit of work. Sixty-six percent of those surveyed who
said they are only somewhat or not satisfied with current approaches cited
lack of timeliness of the intelligence as the reason. Moreover, 46 percent
complained that the information is not categorized according to threat type
or attacker, which would be more helpful in allowing them to use the
information wisely.

All in all, however, organizations seem to be getting smarter about how to
collect, disseminate and use threat intelligence, according to the survey,
with companies moving to implement centralized programs controlled by
dedicated teams to manage the information. This will help improve
collaboration on threat intelligence--which is currently hindered by
siloing information--and help companies access what they need when they
need it to improve their security posture.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!