What happens after a data breach, when criminals attack the enterprise network, or when PCs get infected with a virus via Facebook, leading to network downtime? According to a new survey: confusion. That's because two-thirds of organizations lack the right data or tools to fully understand the scope of a security incident, and 35% lack a response plan.
Those findings come from a new survey conducted by Trusted Strategies for Solera Networks, which sells network monitoring tools. The study queried more than 200 security professionals about their organization's ability to detect and deal with advanced, persistent threats. Such threats often use combinations of attacks to sneak past existing security defenses.
"We have seen a shift in the type of threats organizations are having to deal with," said Peter Schlampp, VP of marketing and product management at Solera Networks, in a statement. "Opportunistic theft and vandalism on networks is being replaced with targeted, multi-component, persistent attacks focused on specific systems and assets. Results of the study clearly show that most organizations are ill prepared to prevent and respond to these incidents."
Interestingly, when it comes to responding to security incidents, what respondents fear most of all isn't intellectual property theft, corporate brand implosion, or recovery costs, but downtime. Indeed, 93% of respondents said that network or system outages were their primary post-incident concern, and 92% said they feared excessively long cleanup times. Yet one-quarter of organizations said that they're "not prepared" to handle security incidents, and 28% said they were only somewhat prepared.
What causes downtime? According to respondents, one of the leading threats is insiders -- and not even the malicious kind. According to Solera, "nearly all responders (96%) feel moderately or extremely threatened by employee web activity, and 71% worry about IM exploits."
Of course, security incidents and downtime will happen. But how well prepared are respondents? Interestingly, the survey -- updating a similar one conducted last year -- found a decline in the number of organizations reporting that they had a security incident response plan in place. Specifically, whereas in 2009, 76% of organizations had such a plan, by 2010 only 62% of organizations had one.
What's behind the drop? Perhaps it's that this year's study involved a larger number of security managers, instead of general IT personnel supposedly in the know. According to Solera: "Security officers know the true state of the response plan and any weaknesses therein. Hence we have a more accurate view."