Companies are struggling to cope with external cyber threats due to a lack of staff expertise and technology, according to a new report. This failure to adequately defend the business is resulting in at least one cyber attack per month and annual incurred costs of $3.5 million (£2.6 million).
The research, carried out by the Ponemon Institute, found that many businesses lack a well-rounded, coherent strategy to deal with external internet threats, such as social engineering exploits. In fact, 79% of respondents said the defenses they had in place to identify and mitigate these kinds of attacks were either “non-existent, ad hoc or inconsistently applied throughout the enterprise.”
Sixty-four percent of respondents, who were security directors or higher within their organization, said they lack the tools and resources needed to monitor these external threats, 62% said they lack the tools in place to analyze and understand, and 68% said their resources for mitigating external threats are inadequate.
The study, which was carried out in conjunction with BrandProtect, found that 59% of respondents said the protection of intellectual property (IP) from external threats was essential or very important to the sustainability of the business.
Figures from the report suggest that organizations know what it takes to better defend themselves against external threats but lack the resources to do so. Sixty-two percent of respondents said mobile app monitoring was a priority, 61% said the same about social engineering and organizational reconnaissance, 58% cited spear phishing infrastructure, and 54% mentioned executive and high value threats.
“The majority of security leaders understand that these external internet threats imperil business continuity,” said Larry Ponemon, president of the Ponemon Research Institute. “The study highlights a gap in defenses against threats that have proven to be extremely effective for cyber criminals and costly for enterprises.”
Roberto Drassinower, CEO of BrandProtect, added: “As external threats explode in both frequency and sophistication, forward-leaning security teams are actively prioritizing external threat detection, intelligence and mitigation in their objectives. But the majority of enterprises still have a long way to go. Despite losing millions of dollars annually to external and branded exploits, security teams are dealing with a significant readiness gap."
Photo © LeoWolfert