Attack Resolution Time Biggest Concern for Network Security Pros: Report

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.thewhir.com/web-hosting-news/attack-resolution-time-biggest-concern-for-network-security-pros-report

The length of time taken to resolve attacks has become the biggest
cybersecurity concern for network security professionals, according to a
Computer and Enterprise Investigations Conference (CEIC) survey.

The survey, conducted by Guidance Software at the 13th annual CEIC in May,
showed that 33 percent of respondents consider the length of time necessary
to deal with attacks is the biggest concern for their organization, up from
25 percent a year ago.

The increase is attributed to growth in the risk of data theft and the cost
of response, as well as the damage to the reputation of the attacked
organization. Security teams are responding by updating their response
methods to incorporate specialized automated detection and incident
response software, as well as their assumptions about their own
vulnerability.

“Enterprise and government security teams are seeking better solutions to
attack new threats of increasing complexity and persistence,” Alex
Andrianopoulos, vice president of marketing at Guidance Software said. “Our
security products, EnCase Cybersecurity and EnCase Analytics, leverage our
rich heritage in digital forensics in conjunction with new investigative
techniques based on big data analytics.”

BYOD policies are also changing to keep pace with cybersecurity concerns.
51 percent of companies currently allow employees to use their own devices
as official policy or “casual rule of thumb,” well down from 78 percent a
year ago, and the number of companies banning non-company devices leaped
from 22 percent in 2012 to 32 percent.

A study released by Acronis earlier this year showed that the majority of
companies do not have official BYOD policies and suggested this as a major
risk factor.

Part of the reason for the concern over BYOD practices is the “vanishing
perimeter” of enterprise networks which employee devices cause. While
traditional security methods were adequate for many companies when their
networks were limited to company property, security products which include
mobile device data are becoming increasingly important for organizations
which continue to allow employees to use their own devices for work.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.