Retail companies take 200 days to identify advanced cyber threats, survey reveals
Attackers get in and stay
Known as "dwell" time, the time it takes to identify these attacks is, on average, 197 days for retail organisations. Despite this, 71 percent of the retail organisations surveyed said they are not optimistic about their ability to improve these results in the coming year.
This is alarming considering the number of attacks targeting their networks - 44 percent of retail organisations experienced more than 50 attacks per month. The Ponemon Institute surveyed retail organisations in North America and Europe, Middle East and Africa (EMEA) to better understand how they are dealing with attacks targeting their organisations.
"The big takeaway from our research is that more investment is needed in both security operations staff and in security tools, which can help companies efficiently and accurately detect and respond to security incidents," says Dr Larry Ponemon, chairman and founder, Ponemon Institute. "The time to detect an advanced threat is far too long; attackers are getting in and staying long enough that the damage caused is often irreparable."
Adapt to new cyber security reality
"It's time to find a better balance between technology solutions, usability, workflow and the people who use them. As security vendors, we aim to assist our retail customers so they can adapt to this new cyber security reality that balances the threats with the people who fight them every day," adds Bryan Hamman, territory manager for sub-Saharan Africa at Arbor Networks.
The Ponemon survey asked how retail organisations manage the explosion in advanced threats and distributed denial of service (DDoS) attacks targeting their infrastructure; how effective (or not) their IT investments are and how they are adapting incident response procedures and integrating threat intelligence for better visibility, insight and context. Key findings among retail organisations included:
Advanced threats
64 percent view technologies that provide intelligence about networks and traffic as most promising at stopping or minimising advanced threats during the seven phases of the kill chain;
34 percent have implemented incident response procedures; and
17 percent have established threat sharing with other companies or government entities.
DDoS attacks
50 percent consider DDoS attacks an advanced threat;
39 percent of firms "strongly agree" or "agree" that they are effective in containing DDoS attacks; and
13 percent have established threat sharing with other companies or government entities to minimise or contain the impact of DDoS attacks.
Budgets and staffing
Budgets are allocated 34 percent towards technology; 27 percent to staffing and 34 percent to managed services.
Retail organisations surveyed included 675 IT and IT security practitioners in North America and in 14 countries in EMEA. Only IT practitioners who are familiar with their companies' defence against cybersecurity attacks and have responsibility for directing cybersecurity activities within the company were selected to take part.