July 18, 2016 by Canadian Underwriter
External cyberattacks are costing businesses in the United States about US$3.5 million in incurred annual costs, with 79% of polled businesses lacking comprehensive strategies to manage these risks, according to a new Ponemon Institute study sponsored by BrandProtect.
Despite acute awareness of the millions of dollars in annual costs, and the business risks posed by external internet threats, security leaders highlight the lack of staff expertise and technology as a key reason that these attacks go unchecked, the report suggests. The study, titled Security Beyond the Traditional Perimeter, surveyed 591 IT and IT security practitioners in the U.S., including chief information security officers (20%) and IT security operations (45%).
Sponsored by Internet risk detection and mitigation expert BrandProtect, the report examined the threats, costs and responses of companies to external internet cyberattacks. These threats include executive impersonations, social engineering exploits and branded attacks arising outside a company’s traditional security perimeter. Security professionals cited an acute need for expertise, technology, and external services to address their growing concerns about these external threats.
Seventy-nine per cent of the IT and IT security practitioners polled indicated their defensive infrastructure to identify and mitigate those threats is either non-existent, ad hoc or inconsistently applied throughout the enterprise. On average, companies experienced slightly more than one cyberattack per month.
Other key findings included:
“The majority of security leaders understand that these external Internet threats imperil business continuity,” said Larry Ponemon, president of the Ponemon Research Institute, in a press release. “The study highlights a gap in defenses against threats that have proven to be extremely effective for cyber criminals and costly for enterprises.”
Security leaders agreed that monitoring the Internet and social media is critical to gaining intelligence about external threats. In the study, an average of 30% of cyberattacks were perpetrated via the Internet or social media. Top monitoring priorities include mobile app monitoring (cited by 62% of respondents), social engineering and organizational reconnaissance (61% of respondents), branded exploits (59% of respondents), spear-phishing infrastructure (58% of respondents) and executive and high-value threats (54% of respondents).