One-third of those companies that were attacked lack confidence in their organizations’ readiness to defend against further aggression, according to the survey of 100 infosec executives at companies with revenues greater than $100 million.
Thirty-six percent of respondents indicated that if an attacker got inside their perimeter defenses and into their networks, they would not be able to see or stop the attack. When asked to grade themselves at discovering in-progress attacks quickly enough to mitigate damage and prevent catastrophic loss, respondents were more likely to give themselves a “C” versus an “A.”
“Organizations are beginning to realize that the battlefield for cyberattacks is moving from outside the perimeter to inside their network, and security teams are not well equipped for this development”, said John Worrall, executive vice president of product management and marketing at CounterTack.
Eighty-four percent of respondents believe their organizations are vulnerable to advanced persistent threats (APTs) targeting intellectual property or other critical organizational assets, and 44% admitted a lack of time and resources when it comes to dealing with such threats.
“APTs have moved the battlefield inside the organization. There is now a battle raging for control of your network and servers, and more importantly all the data that sit on them”, Worrall told Infosecurity.
Four out of five surveyed infosec executives believe that enterprises could benefit from adopting a military-style approach to security learned from physical battlefields – such as situational awareness and intelligence gathering.
Only 21% credited themselves with currently taking a military stance to cyber defense, using intelligence and real-time situational awareness tactics learned from the military, compared to 58% who indicated taking more of a “protector” role when it comes to defending organizational assets.