Proactive Threat Management Identified as Top Need: Report

By Nathan Eddy

The study's respondents agreed that the most essential security technology to thwart cyber-attacks is a system providing advanced warning.

Narus, a provider of dynamic network traffic intelligence and analytics for protecting governments, service providers and enterprises against cyber-threats and the risks of doing business in cyberspace, unveiled research from a Narus-sponsored study by the Ponemon Institute that pinpoints where cyber-warriors should concentrate their security efforts.

Mobile security threats and nation-sponsored cyber-attacks ranked high among major security concerns, while critical network infrastructure organizations emerged as a top target for domestic and foreign cyber-criminals. The study's respondents, comprising a group of information security experts, subsequently agreed that the most essential security technology to thwart cyber-attacks is a system that provides advanced warning.

While mobility poses a significant threat to individuals and organizations, well-publicized DDoS attacks launched by foreign entities and domestic criminals alike have endangered critical infrastructures and put cyber-warriors on high alert. The study's respondents felt that a few critical network infrastructures in particular were at risk: telecom and communications (93 percent of respondents); transportation (70 percent); and power and water utilities (63 percent).

Respondents indicated that attacks on their respective organizations are occurring with increased frequency. A full 63 percent of respondents reported seeing an increase in successful intrusions over the past 12 months, likely by a nation or criminal syndicate. Ironically, only 27 percent of respondents have witnessed a corresponding increase in their respective companies' cyber security investments. (The majority believes that a lack of staffing and governance is the top contributing factor to cyber security deficiency -- even more so than technology.)

Of those respondents whose organizations were attacked, most determined the origin of the attack through signature (73 percent) or traffic or network intelligence (50 percent). It appears that combining signature-based security with non-signature-based approaches will be most effective. The most severe attack vectors are SQL injection, client-side HTTP attacks, viruses and insider threats. These attacks are considered severe because of their consequences, such as theft of information assets, and because of the difficulty of detecting, preventing or correcting their effects.

Seventy-seven percent of respondents believe criminal activities evade their firewalls; 67 percent say they evade their antivirus/antimalware systems; and 60 percent say they evade their intrusion detection/prevention systems. Respondents believe that four things are necessary to create a strong security posture in their respective organizations: stealth and secrecy in security operations, education and training within the enterprise, alignment of security with business objectives, and a holistic approach to enterprise security (multiple complementary security software products).