Data Theft a Major Concern for Organizations

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.eweek.com/security/data-theft-a-major-concern-for-organizations.html

Companies lack the tools and intelligence to protect critical information,
and there exists a critical deficit of security solution effectiveness, a
disconnect in company executives’ perceived value of data and limited
visibility into attack activity, according to the results of a global
cyber-security report, conducted by the Ponemon Institute and sponsored by
Websense.

The findings, based on the responses of IT security practitioners with an
average of 10 years’ experience in the field from 15 countries, including
Brazil, China, Germany, India, the United Kingdom and the United States,
revealed a global consensus that security professionals need access to
heightened threat intelligence and defenses.

According to respondents, there is a gap between data breach perception and
reality–specifically regarding the potential revenue loss to their
business. Eighty percent of respondents say their company’s leaders do not
equate losing confidential data with a potential loss of revenue.

Fifty-seven percent of respondents do not think their organization is
protected from advanced cyber-attacks, and 63 percent doubt they can stop
the ex-filtration of confidential information.

In addition, the majority of respondents (69 percent) said they believe
cyber-security threats sometimes fall through the cracks of their
companies’ existing security systems.

"While there are significant differences among countries for specific
questions (such as availability of cyber-attack intelligence), the overall
analysis indicates that a majority of security professionals do not feel
adequately armed to defend their organizations from threats," Larry
Ponemon, chairman and founder of the Ponemon Institute, said in a
statement. "This challenge is further compounded by a perception that
company leaders do not believe that data breaches will lead to loss of
revenue. Our research has shown this is simply untrue."

Less than half of the respondents (41 percent) said they believe they have
a good understanding about the threat landscape facing their company, and
just 37 percent of respondents could say with certainty that their
organization lost sensitive or confidential information as a result of a
cyber-attack.

In addition, more than one-third (35 percent) of those who had lost
sensitive or confidential information did not know exactly what data had
been stolen.

"This global security report shows that the cyber-security industry still
has more work to do when it comes to addressing cyber-attacks," John
McCormack, Websense CEO, said in a statement. "Security professionals need
effective security measures and heightened security intelligence to keep
organizations safe from advanced attacks and data loss."

Nearly half (48 percent) of respondents said their board-level executives
have a sub-par understanding of security issues. However, the report noted
cyber-security awareness has actually most likely increased from that of a
few years ago.

About six in 10 (59 percent) companies do not have adequate intelligence or
are unsure about attempted attacks and their impact. Further, 51 percent
say their security solutions do not inform them about the root causes of an
attack, or they are unsure.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!