The 2013 Live Threat Intelligence Impact Report from the Ponemon Institute, sponsored by Norse reveals how 700+ respondents from 378 enterprises defines
- What “live threat intelligence” is.
- How global enterprises are using it defend against compromises, breaches and exploits;
- The financial damage that slow, outdated and insufficient threat intelligence is inflicting on them.
The key findings were:
- They spent an average of $10 million in the past 12 months to resolve the impact of exploits.
- If they had actionable intelligence about cyberattacks within 60 seconds of a compromise, they could reduce this cost on average by $4 million (40%).
- Those that have been able to stop cyberattacks say they need actionable intelligence 4.6 minutes in advance to stop them from turning into compromises.
- 60% were unable to stop exploits because of outdated or insufficient threat intelligence.
- Those not successful in detecting attacks believe 12 minutes of advanced warning is sufficient to stop them from developing into compromises.
- 57% believe threat intelligence currently available to most companies is often too stale to enable them to grasp and understand the strategies, motivations, tactics and location of attackers.
- Only 10% know with absolute certainty that a material exploit or breach to networks or enterprise systems occurred.
Other findings include:
- 72% believe that in order to defend against an attack, it is important to essential to know the geo-location of attack sources.
- 69% believe that future attacks are most likely to come from China, but 71% said they were seeing most of their current attacks originating in the U.S.
- 57% of say Advanced Persistent Threats (APTs) are their greatest concern; 54% say they are most concerned about root kits; 45% say SQL and code injection is their biggest worry.
- 35% rely on IT security teams’ “gut feel” to determine whether or not an attack will occur.
- 34% believe that criminal syndicates pose the biggest threat to their enterprise; 19% said state-sponsored attackers were the greatest threat.
- 9% cannot determine whether or not they are compromised.
- A wide range of technologies is used to gather threat intelligence, ranging from SIEM to IDS to IAM to Big Data analytics and firewalls. On a one-to-10 scale of effectiveness, only 22% rate these technologies between a 7 and a 10, and 78% rate them between a 1 and 6.
These findings are startling but not surprising. Enterprises are conditioned to believe that after-the-fact threat intelligence is all that is available, a perception that is leaving them open to compromises and data breaches that are costing them millions,” said Sam Glines, CEO, Norse. “This report makes it clear that enterprises are in need of an advanced level of threat intelligence that shrinks the interval between attack identification and mitigation down to minutes or even seconds if they are to survive the modern-day cyberthreat juggernaut
Ponemon Institute has conducted IT security research for over a decade, and this is one of the first studies that reveals the facts behind the impact that weak threat intelligence is having on organizations,” said Larry Ponemon, founder and chairman of Ponemon Institute. “Anyone who reads this report will come to understand that live threat intelligence must be an integral part of any security strategy.”
To view the report click here.