Enterprises Are Poorly Equipped To Handle External Cyberattacks - InformationWeek

Enterprises Are Poorly Equipped To Handle External Cyberattacks

Most organizations lack the tools and processes to handle external cyberattacks -- which lie outside a company's firewalls. Such attacks primarily leverage digital channels, and responsibility for monitoring these channels often falls outside traditional IT and security functions.

Most IT and information security leaders are aware of the risk and high cost of external internet cyberattacks, but only a small percentage believe their business is equipped to handle them, according to a study released July 19 by the Ponemon Institute.

The study, sponsored by BrandProtect, aimed to uncover the ability of organizations to address cyberattacks taking place outside their traditional security boundaries. External threats are defined in the study as those which lie outside a company's firewalls and primarily leverage digital channels, such as social media, email, and mobile apps.

The study, Security Beyond The Traditional Perimeter, is based on a Ponemon Institute survey of 591 IT professionals and IT security practitioners working at 505 enterprises in the US. The vast majority of respondents (79%) said security processes for internet and social media monitoring are non-existent, partially deployed, or inconsistently deployed.

This is a major risk, and an expensive one. The 505 organizations included in the study experienced an average of more than one cyberattack each month, and spent an average of $3.5 million to deal with each attack.

Even for a large organization, $3.5 million is significant, said Larry Ponemon, president of the Ponemon Institute, in an interview with InformationWeek.

The study discovered an average of 30% of external attacks were conducted over the internet or through social media. Most companies are not consistently monitoring these threats, and most are not doing what's necessary to ensure high-level security, Ponemon said.

"The protection of intellectual property from external threats is considered important to the sustainability of the company," he said. "The information that could lead to reputational damage could be catastrophic in cases."

When asked which external threats worry their organizations the most, 51% of respondents cited reputational damage. Forty percent of respondents also said they worried about branded exploits, and 33% said they were concerned about compliance and regulatory problems related to these threats.

While monitoring the internet and social media was seen by most respondents as critical to gaining intelligence about external threats, only 17% of respondents said their organizations consistently apply a formal process to do so. More than a third of respondents (38%) said their companies do not monitor the internet or social media to determine external threats their companies face. Another 23% identified their process or approach as informal or ad hoc, while 18% said they have a formal process in place but it is not applied consistently throughout the enterprise. Another 4% of respondents said they could not determine how their companies monitor internet and social media for potential threats.

(Image: Alengo/iStockphoto)

So, what are companies monitoring, exactly?

When asked to identify the most important monitoring activities to achieve a strong security posture, 62% of respondents cited monitoring mobile apps, 61% cited monitoring social engineering and organizational reconnaissance, and 59% cited branded exploits. Other priorities cited were monitoring for spear-phishing infrastructure (58% of respondents), and monitoring executive and high-value targets (54% of respondents).

However, the ability to stay current on these technologies is lacking at many of the organizations surveyed. More than 80% of respondents believe their businesses are ineffective at monitoring social media and the internet.

"The study highlights a gap in defenses against threats that have proven to be extremely effective for cyber criminals and costly for employees," said Ponemon in a prepared statement.

Whose Job Is It?

While CIOs and Chief Information Security Officers are cited in the study as being responsible for directing efforts to minimize exposure to business risk stemming from threats on the network or at the security perimeter, the same is not true of external threats. Responsibility for external threats is most often given to the lines of business, or else no one person in the company is responsible, according to the study.

When asked how involved their company's security leader is in the collection and evaluation of intelligence gained from the internet and social media, only 12% of respondents said such executives were "very involved." Another 24% said their security leader has "some involvement" in the process.

Security leaders surveyed plan to address these shortcomings. Over the next two years, respondents said they plan to increase firewall monitoring in-house, and launch both in-house and outsourced initiatives to drive internal network monitoring.

Outside their security perimeters, companies plan to increase cyber threat monitoring, anti-phishing, social media monitoring, and external domain monitoring through both in-house projects and outsourcing.

Organizations will be consistently challenged to stay current on social media, an ever-changing landscape of new apps and websites. In our interview, Ponemon noted how, without the right tools and right insight, it's almost impossible to keep up.

The key will be in raising organizational awareness and becoming conscious of emerging technologies, he said, as new social sites can contain harmful information and lead to corporate identity theft. There is a possibility it will get a lot worse before it gets better.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...
