According to a Ponemon Institute Survey, sponsored by Arbor Networks, Financial Services and Retail organizations agree, advanced threats are the most serious security challenge facing their organizations. Despite the concern, both industries struggle to identify these attacks once they are inside their network.

Known as ‘dwell’ time, the time it takes to identify these attacks is

  • 98 days for Financial Services firms
  • 197 days for Retail

Despite these results, 58% of Financial Services and 71% of Retail organizations said they are not optimistic about their ability to improve these results in the coming year. This is alarming considering the number of attacks targeting their networks. Within Financial Services, 83% experienced more than 50 attacks per month, while 44% of Retail firms did.

The big takeaway from our research is that more investment is needed in both security operations staff and in security tools, which can help companies efficiently and accurately detect and respond to security incidents,” said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. “The time to detect an advanced threat is far too long; attackers are getting in and staying long enough that the damage caused is often irreparable

It’s time to find a better balance between technology solutions, usability, workflow and the people who use them. As security vendors, we need to help our customers so they can adapt to this new cyber security reality that balances the threats with the people who fight them every day,” said Matthew Moynahan, president of Arbor Networks.

In the wake of high profile mega breaches, the Ponemon Institute surveyed Financial Services and Retail firms in North America and Europe, Middle East and Africa (EMEA) to better understand how they are dealing with attacks targeting their organizations. The survey asked how these organizations manage the explosion in advanced threats and distributed denial of service (DDoS) attacks targeting their infrastructure; how effective (or not) their IT investments are; and how they are adapting incident response procedures and integrating threat intelligence for better visibility, insight and context.

Key Findings Among Financial Services Firms

Advanced Threats

  • 71% view technologies that provide intelligence about networks and traffic as most promising at stopping or minimizing advance threats during the seven phases of the Kill Chain
  • 45% have implemented incident response procedures
  • 43% have established threat sharing with other companies or government entities

DDoS Attacks

  • 55% consider DDoS attacks as an advanced threat
  • 48% ‘Strongly Agree’ or ‘Agree’ that they are effective in containing DDoS attacks
  • 45% have established threat sharing with other companies or government entities to minimize or contain the impact of DDoS attacks

Budgets & Staffing. Budgets are allocated

  • 40% towards Technology
  • 37% to Staffing
  • 20% to Managed Services

Key Findings Among Retail Firms

Advanced Threats

  • 64% view technologies that provide intelligence about networks and traffic as most promising at stopping or minimizing advance threats during the seven phases of the Kill Chain
  • 34% have implemented incident response procedures
  • 17% have established threat sharing with other companies or government entities

DDoS Attacks

  • 50% consider DDoS attacks as an advanced threat
  • 39% firms ‘Strongly Agree’ or ‘Agree’ that they are effective in containing DDoS attacks
  • 13% have established threat sharing with other companies or government entities to minimize or contain the impact of DDoS attacks

Budgets & Staffing. Budgets are allocated

  • 34% towards Technology
  • 27% to Staffing
  • 34% to Managed Services
Advertisements