In a survey conducted by Ponemon Research on behalf of Juniper Networks, 90% of the respondents said their organizations’ computers had been breached at least once by hackers over the past 12 months.

Ponemon Research surveyed 583 companies located in the US with an average of 9.5 years of business experience. Nearly 60% reported two or more breaches over the past year. More than 50% said they had little confidence in being able to thwart further attacks over the next 12 months. Those numbers are significantly higher than findings in similar surveys, and they suggest that a growing number of enterprises are losing the battle to keep malicious intruders out of their networks.

“We expected a majority to say they had experienced a breach,” said Johnnie Konstantas, director of product marketing at Juniper, a Sunnyvale, California-based networking company. “But to have 90% saying they had experienced at least one breach, and more than 50% saying they had experienced two or more, is mind-blowing.” Those findings suggest “that a breach has become almost a statistical certainty” these days, she said.

The organizations that participated in the Ponemon survey represented a wide cross-section of both the private and public sectors, ranging from small organizations with fewer than 500 employees to enterprises with workforces of more than 75,000. The online survey was conducted over a five-day period earlier this month.

Some of the findings are as follows:

  • As a result of these multiple breaches, more than 34% of respondents say they have low confidence in the ability of their organization’s IT infrastructure to prevent a network security breach.
  • Insufficient budgets are an issue for many organizations in our study. 52% of respondents say 10% or less of their IT budget is dedicated to security alone.
  • The financial consequences can be severe. When asked to consider cash outlays, internal labor, overhead, revenue losses and other expenses related to the security breach, 41% of respondents report that it was $500,000 or more and 16% say they were not able to determine the amount.
  • In the next 12 to 18 months, 47% say their organizations will spend the most IT security dollars on network security.

Roughly half of the respondents blamed resource constraints for their security woes, while about the same number cited network complexity as the primary challenge to implementing security controls. The Ponemon survey comes at a time of growing concern about the ability of companies to fend off sophisticated cyber attacks. Over the past several months, hackers have broken into numerous supposedly secure organizations, such as security vendor RSA, Lockheed Martin, Oak Ridge National Laboratories and the International Monetary Fund.

Many of the attacks have involved the use of sophisticated malware and social engineering techniques designed to evade easy detection by conventional security tools. The attacks have highlighted what analysts say is a growing need for enterprises to implement controls for the quick detection and containment of security breaches. Instead of focusing only on protecting against attacks, companies need to prepare for what comes after a targeted breach.

The survey results suggest that some organizations have begun moving in that direction. About 32% of the respondents said their primary security focus was on preventing attacks, but about 16% claimed the primary focus of their security efforts was on quick detection of and response to security incidents. About one out of four respondents said their focus was on aligning security controls with industry best practices.

Ponemon Research believes their research provides evidence that many organizations are lacking the right strategy to prevent cyber attacks against networks and enterprise systems. Their study suggests conventional network security methods need to improve in order to curtail internal and external threats.

Ponemon Research believes organizations should consider incorporating the following recommendation in their network security strategy:

  • Understand the risk employees’ mobile devices create in the workplace. The largest problem is created when laptops or other wireless devices are connected to an unsecured network; breaches occur involving loss of sensitive data. In addition, stolen laptop computers or other mobile data-bearing devices remain a consistent and expensive threat.

Studies consistently show that the cost of cyber attacks is increasing in the US; in fact it’s the largest growing crime in the US. Reducing an organization’s vulnerability to such attacks through the utilization of a virtual private network, and a combination of proper staffing, enabling protection technologies and training programs can help prevent the pattern of multiple breaches experienced by so many companies in the survey.
