Most IT security leaders say that defenses needed to identify and mitigate cyber threats are non-existent, ad hoc or inconsistently applied (photo: ThinkStock).

Despite potentially huge business risks posed by external internet threats, IT security leaders say they lack the staff expertise and technology to adequately guard against cyberattacks, according to a new survey.

The Ponemon Institute, a provider of independent research on privacy, data protection and information security policy, discloses this finding in a report sponsored by BrandProtect. The study, “Security Beyond the Traditional Perimeter,” examines the threats, costs and responses of companies to external internet cyberattacks. These threats include executive impersonations, social engineering exploits, and branded attacks arising outside a company’s traditional security perimeter.

The survey reveals that nearly 8 in 10 (79 percent) of information technology security practitioners say their defensive infrastructure to identify and mitigate cyber threats is non-existent, ad hoc or inconsistently applied throughout the enterprise. The companies represented in the research, among them insurers, averaged more than one cyberattack per month and incurred annual costs of about $3.5 million because of these attacks. The security professionals polled cite an acute need for expertise, technology, and external services to address growing concerns about external threats.

Among the report’s key findings:

  • 59 percent of respondents say the protection of intellectual property from external threats is essential or very important to the sustainability of their companies.

  • External internet attacks are frequent and the financial costs of these attacks are significant. Respondents say they experience an average of 32 material cyberattacks, or slightly more than one per month, costing their companies an average of $3.5 million annually.

  • Seventy-nine percent of respondents describe their security processes for internet and social media monitoring as non-existent (38 percent), ad hoc (23 percent) or inconsistently applied throughout the enterprise (18 percent).

  • 64 percent of security leaders (directors or higher) believe that they lack the tools and resources they need to monitor, 62 percent lack the tools and resources they need to analyze and understand, and 68 percent lack the tools and resources they need to mitigate external threats.

“The majority of security leaders understand that these external internet threats imperil business continuity,” says Ponemon Research Institute President Larry Ponemon. “The study highlights a gap in defenses against threats that have proven to be extremely effective for cyber criminals and costly for enterprises.”

Security leaders agreed that monitoring the internet and social media is critical to gaining intelligence about external threats. Top monitoring priorities include:

  • mobile app monitoring (cited by 62 percent of respondents)

  • social engineering and organizational reconnaissance (61 percent)

  • branded exploits (59 percent)

  • spear-phishing infrastructure (58 percent)

  • executive and high-value threats (54 percent)
