According to our survey of nearly 200 IT security pros at this summer’s Black Hat USA 2013 Conference in Las Vegas, 52% of organizations are not confident that their IT staff can detect the presence of hackers attempting to breach their network.
The survey also found that 63% of respondents believe that a state-sponsored hacker will attempt to breach their organization in the next six months. In response, an overwhelming 90% have taken at least some proactive steps to protect themselves – including user training against advanced persistent threats (APTs), and the addition of new security appliances. Additionally, 89% of respondents’ organizations have carried out endpoint testing to protect against APTs, while 81% conduct pen testing.
However, more than a third of respondents (36%) don’t think that their organizations’ current security products and processes can keep up with today’s emerging threats.
Our takeaway to these statistics? The fact that a great many IT security professionals work in organizations that acknowledge what a challenge APTs present to their networks, and are willing to do something about it, is encouraging. In addition to the figures cited above, 69.7% of respondents acknowledged that they use all four of the security measures we listed – user training, security appliances, endpoint testing and pen testing – demonstrating the resolve to defend against potential cyber attacks.
Also noticeable, though, is that more than a third of respondents believe that their current security posture is insufficient against heavy-set attacks, yet not all are prepared to actually do something about it. And these are the very people who are knowledgeable and experienced enough in IT security to attend the world-famous BlackHat show. I suppose they feel that hoping for the best is sufficient protection.
For more details on this survey see: http://www.liebsoft.com/state_sponsored_attacks_research/