Aim of Study: To study how cyber attacks causing loss to organization.
Main points:
If it sometimes appears that exactly about every company is getting hacked these days, that's because they are.
In a recent study of 583 U.S companies conducted by Ponemon Research on behalf of Juniper Networks, 90% of the respondents said their organizations' computers had been offended at least one time by hackers over the past 12 months.
Nearly 60% reported two or more breaches over the past year. More than 50% said they had little confidence of being able to stave off further attacks over the next 12 months.
Those numbers are significantly higher than the findings in similar surveys, and they suggest that a growing number of enterprises are losing the battle to keep malicious intruders out of their networks.
"We expected a majority to say they had experienced a breach," said Johnnie Konstantas, director of product marketing at Juniper, a Sunnyvale, Calif.-based networking company. "But to have 90% saying they had experienced at least one breach, and more than 50% saying they had experienced two or more, is mind-blowing." Those findings suggest "that a breach has become almost a statistical certainty" these days, she said.
The organizations that participated in the Ponemon survey represented a wide cross-section of both the private and public sectors, ranging from small organizations with less than 500 employees to enterprises with workforces of more than 75,000. The online survey was conducted over a five-day period earlier this month.
Roughly half of the respondents blamed resource constraints for the security woes, while about the same number cited network complexity as the primary challenge to implementing security controls.
The Ponemon survey comes at a time of growing concern about the ability of companies to fend off sophisticated cyber attacks. Over the past several months, hackers have broken into numerous supposedly secure organizations, such as security vendor RSA, Lockheed Martin, Oak Ridge National Laboratories and the International Monetary Fund.
Many of the attacks have involved the use of sophisticated malware and social engineering techniques designed to evade easy detection by conventional security tools.
The attacks have highlighted what analysts say is a growing need for enterprises to implement controls for the quick detection and containment of security breaches. Instead of focusing only on