Survey: Companies Failing to Prepare for Unknown Cyber Security Threats
Companies are funneling more money into cyber security, but not enough are preparing for future, dangerous "unknown threats," according to a recent survey.
Many companies are investing in cyber security, but a Dell report found that only 18 percent of IT leaders interviewed considered "predicting and detecting unknown threats a top security concern."
At the same time, 73 percent of those asked said their company had experienced a security breach in the last year.
Companies must become proactive at preventing unknown cyber threats, said Paul Christman, vice president of public sector for Dell Software. Unknown threats are considered external actors that are fast and often able to transform quickly, he said.
Many security programs use patches or firewalls, but this approach is reactive and based only on known threats, he said.
"If all you do is play defensive, if all you do is react to what has been identified as bad behavior, or bad activity or some sort of bad actor someplace, you're always going to be one step behind," Christman said.
The study, which was conducted in the fall of 2013, surveyed 1,440 IT decision makers in organizations with 500 employees or end users throughout the world, in both the private and public sectors.
To find these unknown threats, companies need to look at data and see if traces of intrusions are left behind, Christman said. If they can connect markers of intrusions, they can predict future attacks and move the unknown into the known, he said.
"That moves you into predictive, proactive protection. You're not going to get it by just looking at the firewall, you're just not going to get it by looking at virus signatures [and] you're not going to find it by looking at malware, because those things are already known," he said.
Investing in only known threats creates unnecessary risk, he said.
Of the industry officials polled, 83 percent said their companies had "security processes that enable them to immediately identify a security breach." The actual timeframe, officials reported, was an average of seven hours to detect an intrusion, the report said.
In reality, it can take some companies months to discover that there has been an intrusion in their networks, Christman said. Even if all companies could detect a presence in their network within seven hours, that can be unacceptable depending on the industry, he said.
"If you are dealing with a financial trading system, can you tolerate that being down for seven hours? Absolutely not. You wouldn't tolerate it being down for seven seconds," Christman said.
Stopping hackers and thieves needs to be a collective effort between the public, the government and industry, Christman said. As more attacks target private information, such as medical, financial or computer data, the public will become increasingly aware of the dangers, he said.
"Anybody that is a consumer or producer needs to participate in this," Christman said.