Following the significant shift in the cyber threat landscape, the mindset of information security professionals has changed substantially. Eighteen months ago, most reasonably funded information security groups felt that the tools, processes and people they had in place were fairly strong relative to the risks and threats they were designed to address. As such, most felt that, while by no means bullet-proof, their defenses were likely to keep the bad guys at bay and targeting more vulnerable organizations. Oh, what a difference a year and a half makes.
The rapidly maturing cyber crime economy and supporting supply chain have led information security professionals to realize that the bad guys are getting more sophisticated and more numerous at an accelerating pace. Since this time last year, most InfoSec pros have accepted the idea that “It’s when, not if” their organization will experience a breach. While this mentality seemed to be pervasive as we approached the end of 2011, we wanted to put some hard numbers to it; Just how exposed do organizations believe they are? To answer that question, we conducted a survey of over 200 information security professional on their organizations’ Cyber Threat Readiness. The results, while not surprising, are alarming and reflect the need for better detection and response capabilities: to know sooner when breaches occur and to be empowered to respond faster and more effectively when it happens.
82% of respondents stated they have firewalls in place and use anti-malware/anti-virus solutions, but 75% said they lack confidence in their ability to detect activity commonly tied to breaches and cyber crime (e.g., to know when credentials or hosts are compromised). The bright spot in the survey results is that organizations taking steps to deploy technology such as NGFW and SIEM to improve their visibility and response capability were twice as likely to be confident in their ability detect cyber attacks and breaches.
You can check out the Cyber Threat Readiness survey results for yourself in today’s press release. And as you’re reading the results and considering the scenarios to which most organizations are blind, answer the question “Would you know if…”.