BreachExchange mailing list archives

Study: Most Security Pros Unsure If They Could Handle A Breach


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 13 Feb 2014 17:59:19 -0700

http://www.darkreading.com/management/study-most-security-pros-unsure-if-they/240166084

Most security professionals are not confident in their ability to quickly
detect and find the source of a breach, and many fear that they will fumble
their incident response efforts, according to a study published Wednesday.

A survey conducted by the Ponemon Institute and sponsored by security
company AccessData reports that many security pros are worried that they
would not know the root cause of a breach or be able to prioritize their
responses.

"When a CEO and board of directors asks a security team for a briefing
immediately following an incident, 65% of respondents believe that the
briefing would be purposefully modified, filtered or watered down" because
of a lack of information, the study says.

"Additionally, 78% of respondents believe most CISOs would make a 'best
effort guess' based on limited information, and they would also take action
prematurely and report that the problem had been resolved without this
actually being the case."

"One of the things I found interesting was that so many of the respondents
felt they would have to 'fudge' their reports to the CEO," says Larry
Ponemon, founder and director of the Ponemon Institute. "They're not
confident at all in their data."

Eighty-six percent of respondents say detection of a cyber attack takes too
long in their organizations, according to the report. Eighty-five percent
say they are unable to properly prioritize alerts and incidents as they
occur. Seventy-four percent say there is poor or no integration between
their security point products, which makes it hard for them to respond
effectively to new incidents.

"They're getting alerts from their SIEM [security incident and event
management] tools, from FireEye [malware analysis tools], and from Palo
Alto Networks [next-generation firewalls], and they have no way to figure
out which alerts to prioritize and which ones they should really care
about," says Craig Carpenter, chief cybersecurity strategist at AccessData.

Forty percent of respondents say none of their security products allow the
import of threat intelligence data from other sources, the study says.
Fifty-four percent say they are not able to or unsure of how to locate
sensitive data, such as trade secrets and personally identifiable
information (PII), on mobile devices.

"What this data tells us is that security pros are absolutely missing
things when they're analyzing threats and doing incident response," says
Carpenter. "They can't get the evidence they need to identify the source of
the attack."
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
