Advanced Threats in Retail Companies: A Study of North America & EMEA

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Advanced Threats in Retail Companies: A Study of North America & EMEA"

Transcription

1 Advanced Threats in Companies: A Study of North America & EMEA Sponsored by Arbor Networks Independently conducted by Ponemon Institute LLC Publication Date: May 2015 Ponemon Institute Research Report

2 Part 1. Introduction Advanced Threats in Companies A Study of North America & EMEA 1 Ponemon Institute, May 2015 Ponemon Institute is pleased to present the results of Advanced Threats in Companies: A Study of North America & EMEA sponsored by Arbor Networks. In the wake of mega breaches experienced by retail companies, has the industry improved its ability to prevent or stop advanced threats (ATs)? Are they able to evaluate and measure the effectiveness of their incident response? Are they making the appropriate investments in technologies and expertise to avoid an AT or DDoS attack? In this research, we define ATs as a type of cyber attack designed to evade an organization s present technical and process countermeasures. For example, ATs are those that are specifically designed to bypass firewalls, intrusion detection systems and anti-malware programs. We surveyed 675 IT and IT security practitioners in North America and in 14 countries in Europe, Middle East & Africa (EMEA). To ensure a knowledgeable and quality response, only IT practitioners who are familiar with their companies defense against cybersecurity attacks and have responsibility in directing cybersecurity activities within their company were selected to participate in this study. As shown in Figure 1, respondents worry much more about ATs than DDoS attacks. Respondents also say ATs occur more frequently than DDoS attacks and it is much more difficult to detect and contain ATs than DDoS attacks, as discussed in this report. Following are key findings that reveal why retail companies are vulnerable to ATs: Rely on gut feel to determine if the company had a targeted AT. Only about one-third of companies represented in this study use incident response to contain the impact of ATs and DDoS attacks. Time to detect an attack is too long. It takes on average approximately 197 days to detect an AT. Only 29 percent expect this to improve over the next 12 months. More investment is needed in security operations staff and forensic tools to be able to investigate security incidents in a timely and effective manner. Those companies using the cyber kill chain approach to dealing with ATs are not allocating enough resources to those phases, such as reconnaissance, where it is most difficult to stop ATs. 1 North America includes Canada and the United States. EMEA countries include Denmark, France, Germany, Italy, Netherlands, Poland, Saudi Arabia, South Africa, Spain, Sweden, Switzerland, Turkey, United Arab Emirates and United Kingdom. Ponemon Institute Research Report Page 1

3 Part 2. Key findings The topics covered in this research include: Advanced threats and denial of service attacks in retail companies How companies deal with cyber attack incidents The Cyber Kill Chain and dealing with advanced threats Budget for advanced threats Industry differences: retail companies vs. financial services Advanced threats and denial of service attacks in retail companies Companies have an average of almost one serious cyber attack per month. In the context of this research, cyber attacks refer to all computer-based assaults on an organization s IT infrastructure, applications, databases and source data. Cyber attacks typically involve malicious software or code that seeks to infiltrate networks or infect endpoint devices. Attack methods may also involve malicious or criminal insiders. Based on the definition above, respondents believe their organization experienced almost eight cyber attacks in the past 12 months. Seventy-four percent of respondents say they were considered an AT and 50 percent of respondents say it was a denial of service (DDoS) attacks. As shown in Figure 2, although most respondents believe one or more of the attacks could have been an AT, it is mostly gut feel (38 percent of respondents) they rely upon. Forensic evidence (23 percent of respondents) and known signature of the attacker (21 percent of respondents) are also used to determine if it was an AT. In the case of DDoS, 31 percent of respondents say it was from forensic evidence informed be degradation of application or system performance followed by shared threat intelligence by customer or partner due to a lack of available internal resources (28 percent). Figure 2. How did you know the attack was an AT or DDoS? Gut feel Forensic evidence informed by degradation of application or system performance Known signature of the attacker Shared threat intelligence by customer or partner due to lack of available internal resources 24% 23% 21% 17% 16% 28% 31% 38% Other 2% 1% 0% 5% 10% 15% 20% 25% 30% 35% 40% How did you know that the attack was an AT? How did you know that the attack was a DDoS? Ponemon Institute Research Report Page 2

4 Companies have difficulty detecting and containing ATs and DDoS attacks. According to Figure 3, respondents agree they are more likely to have security technologies and personnel that are effective in quickly detecting advance threats than DDoS (44 percent vs. 39 percent). However, they are equally poor at containing these cyber attacks (38 percent and 39 percent, respectively). Figure 3. Perceptions about ATs and DDoS Strongly agree and agree response combine Security technologies and personnel are effective in quickly detecting advance threats 44% Security technologies and personnel are effective in quickly detecting denial of service attacks 39% Security technologies and personnel are effective in containing denial of service attacks 39% Security technologies and personnel are effective in containing advance threats 38% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% Ponemon Institute Research Report Page 3

5 To deal with both types of attacks, most companies installed controls to prevent infiltration. When asked what steps their companies took to minimize or contain the impact of the AT and DDoS attacks, the most common was to install controls to prevent infiltration (42 percent and 41 percent of respondents) and installed controls to quickly detect and block infiltration (37 percent and 38 percent of respondents, respectively), as shown in Figure 4. Figure 4. Steps taken to minimize the impact of ATs and DDoS attacks More than one response permitted Installed controls to prevent infiltration Installed controls to quickly detect and block infiltration Implemented incident response procedures 42% 41% 37% 38% 34% 33% Established threat sharing with other companies or government entities Conducted specialized training for IT security team 17% 13% 13% 12% Other 1% 0% Steps taken to minimize or contain the impact of the AT 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% Steps taken to minimize or contain the impact of the DDoS attacked Ponemon Institute Research Report Page 4

6 How companies deal with cyber attack incidents How security incidents are investigated. In the context of this study, a security incident is an event that potentially results in adverse consequences to an organization s network or enterprise system. It also includes events that constitute violations of security policies, standardized procedures, or acceptable use policies by employees and other insiders. On average, SecOps and/or CSIRT teams in the companies represented in this study investigate 81 security incidents each month. The average number of employees in a company responsible for participating in responses to cybersecurity incidents is 11. According to Figure 5, the events most often considered a security incident are targeted attacks that result in the theft of customer data (99 percent of respondents), denial of service attacks (98 percent of respondents), targeted attacks that result in the theft of high-value intellectual properties (89 percent of respondents) and reported wrongdoing by employees (83 percent of respondents). Figure 5. What is considered a security incident Targeted attack that results in the theft of customer data Denial of service attack Targeted attack that results in the theft of highvalue intellectual properties Reported wrongdoing by employee Lost or stolen device Reported wrongdoing by third party 99% 98% 89% 83% 75% 69% Other 1% 0% 20% 40% 60% 80% 100% 120% Ponemon Institute Research Report Page 5

7 The majority of organizations use Mean Time to Identify (MTTI) and Mean Time to Contain (MTTC) metrics to determine the effectiveness of their organization s incident response process. Fifty-three percent of respondents use MTTI to measure the time it takes to detect that an incident has occurred. As shown in Figure 6, the findings reveal that the average time it takes to respond to an AT attack is almost 200 days. In contrast, the average MTTI for denial of services is approximately 39 days. Fifty-eight percent of respondents say they use the MTTC metric to understand how good they are at containing an attack. Again, it takes longer to deal with an advanced threat. The average MTTC for ATs is approximately 39 days. In contrast, the average MTTC for denial of services is approximately 18 days. Figure 6. The average time to detect and resolve an AT and DDoS Extrapolated value (days) MTTI for advanced threats MTTI for denial of service MTTC for advanced threats MTTC for denial of service Ponemon Institute Research Report Page 6

8 Steps to improve the time to detect and contain an attack are similar. Thirty-two percent of respondents anticipate MTTC will improve in the next 12 months. To achieve this improvement, 57 percent are integrating threat intelligence into the incident response function and 49 percent of respondents are improving their triage process Only 29 percent of respondents anticipate that MTTI will improve in the next 12 months. To achieve this improvement, 60 percent of respondents are integrating threat intelligence into the incident response process and 50 percent are improving their triage process, as revealed in Figure 7. Figure 7. Steps to improve MTTI & MTTC More than one response permitted Integrate threat intelligence into IR function 60% 57% Improve triage process 50% 49% Increase security operations staff Implement new forensic security tools Introduce hunting team to look for attacks 41% 41% 40% 41% 33% 35% Other 1% 0% 0% 10% 20% 30% 40% 50% 60% 70% Steps to improve MTTI Steps to improve MTTC Ponemon Institute Research Report Page 7

9 Cyber Kill Chain and dealing with advanced threats Cyber Kill Chain is a term familiar to a majority of respondents. Seventy-six percent of respondents understand the cyber kill chain, which refers to a life cycle approach that allows information security professionals to proactively remediate and mitigate advanced threats as part of the organization s intelligence-driven defense process. This process is organized into the following 7 phases: 1. Reconnaissance - Research, identification and selection of targets. 2. Weaponization - Coupling a remote access trojan with an exploit into a deliverable payload, typically by means of an automated tool (weaponizer). 3. Delivery - Transmission of the weapon to the targeted environment. 4. Exploitation - After the weapon is delivered to a victim s host, exploitation triggers the nefarious code. 5. Installation - Installation of a remote access trojan or backdoor on the victim s system allowing the adversary to maintain persistence inside the environment. 6. Command & control (C2) - Typically, compromised hosts must beacon outbound to an Internet controller server to establish a C2 channel. Once the C2 channel establishes, intruders have hands on the keyboard access inside the target environment. 7. Actions on objectives - After progressing through the first six phases, the intruders take actions to achieve their original objectives such as data exfiltration. Reconnaissance is the most difficult phase to stop or minimize ATs. The majority of respondents believe it is impossible, very difficult or difficult to deal with ATs in every phase of the kill chain. However, reconnaissance or the research, identification and section of targets, according to 87 percent of respondents, is the most challenging (Figure 8). Installation of a remote access Trojan or backdoor on the victim system allowing the adversary to maintain persistence inside the environment is the next most difficult phase. Figure 8. Ability to stop or minimize advance threats in each phase of the Cyber Kill Chain Impossible, very difficult and difficult response combined Reconnaissance 87% Installation Actions on Objectives Exploitation Weaponization Delivery Command & Control (C2) 79% 77% 71% 69% 68% 67% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Ponemon Institute Research Report Page 8

10 How much money is allocated for each phase of the Cyber Kill Chain? As shown in Figure 9, while the reconnaissance phase is the most difficult in dealing with ATs, it is also the phase that receives the least amount of resources (2 percent of the total security resources). Twenty percent of total IT security resources are applied to the exploitation phase when after the weapon is delivered to a victim s host, exploitation triggers the nefarious code. Nineteen percent is allocated to actions on objectives. Figure 9. Percentage of total IT total security resources for each cyber kill chain phase Exploitation Actions on Objectives 19% 20% Installation Command & Control (C2) Weaponization Delivery 16% 15% 14% 14% Reconnaissance 2% 0% 5% 10% 15% 20% 25% Extrapolated value Ponemon Institute Research Report Page 9

11 How capable are companies in stopping or minimizing ATs in each phase of the Cyber Kill Chain? As described above, the most difficult or impossible phase in which to stop ATs is the reconnaissance phase. As a result, only six percent of respondents rate their ability to stop or minimize ATs as high (7+ on a scale of 1 = lowest ability and 10 = the highest ability), as shown in Figure 10. In contrast 70 percent of respondents say their ability is highest in the exploitation phase, which receives the most resources. However, 62 percent rate their ability as very high in the delivery phase, which does not receive as much of the available resources. Figure 10. Ability to stop or minimize advanced threats in each phase On a scale of 1 = lowest ability to 10 = highest ability percentage of respondents who rated their ability 7+ Exploitation 70% Delivery Installation Command & Control (C2) 58% 58% 62% Actions on Objectives Weaponization 47% 51% Reconnaissance 6% 0% 10% 20% 30% 40% 50% 60% 70% 80% Ponemon Institute Research Report Page 10

12 The most promising technology to stop ATs is intelligence about network traffic, according to 64 percent of respondents. As shown in Figure 11, 55 percent of respondents say technologies that secure information assets and that isolate or sandbox malware infections are effective. Considered the least effective in the Cyber Kill Chain are the technologies that simplify the reporting of threats and those that minimize insider threats (including negligence). Figure 11. The most promising technologies to stop or minimize ATs Three responses permitted Technologies that provide intelligence about networks and traffic Technologies that isolate or sandbox malware infections Technologies that secure information assets 55% 55% 64% Technologies that secure the perimeter Technologies that provide intelligence about attackers motivation and weak spots Technologies that secure endpoints including mobile-connected devices 26% 42% 40% Technologies that simplify the reporting of threats 13% Technologies that minimize insider threats (including negligence) 5% 0% 10% 20% 30% 40% 50% 60% 70% Ponemon Institute Research Report Page 11

13 Budget for advanced threats defense Personnel and technologies receive the most budget. Respondents were asked to allocate 100 points to indicate the relative proportion of each area to the 2015 IT security budget for their organization. Thirty-seven points were allocated to in-house personnel followed by 34 points for technologies. This is followed by managed (third party) services (24 points) followed by cash outlays (4 points). Figure 12. Allocation of resources to defend against ATs Extrapolated value in days In-house personnel Technologies Managed (third party) services 4 Other cash outlays According to Table 1, the average total IT budget is approximately $81 million. Eight percent or approximately $6.5 million is allocated to IT security activities and investments. For those companies planning to use the cyber kill chain, approximately $1.4 million will be spent or 22 percent of the IT security budget. Table 1. The average budget for IT, IT security and Cyber Kill Chain Extrapolated value 2015 IT budget $81,250, IT security activities and investments (8 percent) $6,500, Cyber Kill Chain Activities (22 percent of the IT security budget) $1,430,000 Ponemon Institute Research Report Page 12

14 Industry differences: retail companies vs. financial services This research was conducted in both the financial and retail industry sectors. In the retail sector, 675 IT and IT security practitioners participated. These findings are presented in a companion report, Advanced Threats in the Industry: A Study of North America & EMEA IT Security Practitioners. Industry differences emerged that reveal how much more effective financial services companies are in managing and reducing the impact of ATs and DDoS attacks. Financial services are more confident in their ability to contain ATs and DDoS attacks. As shown in Figure 13, financial services are more confident than retail companies in containing both ATs and DDoS attacks. is more confident in containing ATs than DDoS attacks. Figure 13. Effectiveness in containing ATs and DDoS attacks On a scale of 1 = lowest ability to 10 = highest ability percentage of respondents who rated their ability 7+ 70% 63% 64% 60% 50% 44% 40% 30% 31% 20% 10% 0% Effectiveness in containing ATs Effectiveness in containing DDoS attacks Financial services Ponemon Institute Research Report Page 13

15 Financial services are more likely to measure the time it takes to detect and contain an AT. As shown in Figure 14, more financial services companies use time-dependent metrics. Forty percent of retail companies are not using these metrics to determine their effectiveness in responding to incidents. If they do use these measures, they are most likely to measure the time it takes to contain an attack. Figure 14. Time-dependent metrics used to determine incident response effectiveness 70% 60% 50% 40% 30% 20% 53% 62% 58% 66% 40% 28% 10% 5% 5% 0% MTTI MTTC Other We don t utilize timedependent operational metrics Financial services Financial services are faster to detect and contain an incident. It takes almost twice as long for retail companies to detect if an incident has occurred (196.5 days for retail companies vs for financial services, according to Figure 15. Financial services companies in this study are also faster to contain both ATs and DDoS attacks. Figure 15. Time it takes to detect and contain an AT Extrapolated value (days) Average MTTI experienced for advanced threats Average MTTI experienced for denial of service Average MTTC experienced for advanced threats Average MTTC experienced for denial of service Financial services Ponemon Institute Research Report Page 14

16 Financial services are more optimistic they can reduce the time to detect and contain attacks. According to Figure 16, in the next 12 months respondents in financial services are far more optimistic that they will improve their ability to detect and contain incidents. New Figure 16. Will MTTI and MTTC improve in the next 12 months? Yes response 45% 40% 35% 30% 25% 20% 15% 10% 5% 0% 29% 42% Do you expect MTTI to decrease (improve) over the next 12 months? 32% 40% Do you expect MTTC to decrease (improve) over the next 12 months? Financial services The use of threat intelligence will be used to improve detection. To achieve a reduction in the time to detect an attack, both retail and financial services will integrate intelligence into the incident response time, as revealed in Figure 17. Financial services are more likely to hire security operations staff and introduce new forensic security tools. Figure 17. Steps taken to reduce the time it takes to detect attacks Integrate threat intelligence into IR function Improve triage process Increase security operations staff Implement new forensic security tools Introduce hunting team to look for attacks Other 1% 1% 41% 40% 33% 40% 60% 50% 55% 56% 60% 74% 0% 10% 20% 30% 40% 50% 60% 70% 80% Financial services Ponemon Institute Research Report Page 15

17 Threat intelligence is the number one step to reduce the time to contain attacks. In general, financial services companies are more likely to take steps to reduce the time to contain attacks, According to Figure 18, 73 percent of respondents in financial services will integrate threat intelligence into the incident response function and 57 percent of respondents in retail companies say they will do so. Again, financial services are more likely to implement new forensic security tools and hire more staff. Figure 18. Steps taken to reduce the time to contain attacks Integrate threat intelligence into IR function Improve triage process 57% 49% 53% 73% Implement new forensic security tools 41% 60% Increase security operations staff Introduce hunting team to look for attacks 41% 35% 41% 53% Other 0% 2% 0% 10% 20% 30% 40% 50% 60% 70% 80% Financial services Ponemon Institute Research Report Page 16

18 Part 3. Methods The sampling frame is composed of 17,000 IT and IT security practitioners in North America and in 14 countries in EMEA who are familiar with their companies defense against cybersecurity attacks and have responsibility in directing cybersecurity activities within their company. As shown in Table 2, 749 respondents completed the survey. Screening removed 74 surveys. The final sample was 675 surveys (or a 4.0 percent response rate). Table 2. Sample response Freq Pct% Total sampling frame 17, % Total returns % Rejected or screened surveys % Final sample % Pie Chart 1 reports the current position or organizational level of the respondents. More than half of respondents (54 percent) reported their current position as supervisory or above. Pie Chart 1. Current position or organizational level 3% 3% 7% 16% Executive/VP 36% 19% Director Manager Supervisor Technician Associate/staff Other 16% Pie Chart 2 identifies the primary person the respondent or their supervisor reports to. Sixty percent of respondents report to the chief information officer and 16 percent report to the chief information security officer. Pie Chart 2. The primary person you or your supervisor reports to 8% 4% 2% 2% Chief Information Officer 8% Chief Information Security Officer Chief Technology Officer 16% 60% Compliance Officer Chief Risk Officer Business owner Other Ponemon Institute Research Report Page 17

19 Pie Chart 3 reports the primary retail industry focus of respondents organizations. This chart identifies conventional retailer (37 percent) as the largest segment, followed by internet retailer (34 percent) and a combination (19 percent). Pie Chart 3. Primary retail industry focus 6% 3% 1% Conventional retailer 19% 37% Internet retailer Combination tech Franchises Other 34% According to Pie Chart 4, the majority of respondents (89 percent) are from organizations with a global headcount of 1,000 or more employees. Pie Chart 4. Worldwide headcount of the organization 20% 5% 6% 13% < to 1,000 1,001 to 5,000 20% 5,001 to 25,000 25,001 to 75,000 > 75,000 37% Ponemon Institute Research Report Page 18

20 Part 4. Caveats There are inherent limitations to survey research that need to be carefully considered before drawing inferences from findings. The following items are specific limitations that are germane to most web-based surveys. Non-response bias: The current findings are based on a sample of survey returns. We sent surveys to a representative sample of individuals, resulting in a large number of usable returned responses. Despite non-response tests, it is always possible that individuals who did not participate are substantially different in terms of underlying beliefs from those who completed the instrument. Sampling frame bias: The accuracy is based on contact information and the degree to which the list is representative of individuals who are IT or IT security practitioners located in various organizations in North American and EMEA. We also acknowledge that the results may be biased by external events such as media coverage. We also acknowledge bias caused by compensating subjects to complete this research within a specified time period. Self-reported results: The quality of survey research is based on the integrity of confidential responses received from subjects. While certain checks and balances can be incorporated into the survey process, there is always the possibility that a subject did not provide accurate responses. Ponemon Institute Research Report Page 19

21 Appendix: Detailed Survey Results The following tables provide the frequency or percentage frequency of responses to all survey questions contained in this study. All survey responses were captured in February Survey response Sampling frame 17,000 Total returns 749 Rejected or screened surveys 74 Final sample: Overall (n = 1519) North America (n = 808) and EMEA (n = 711) 675 Response rate 4.0% Screening Questions S1. How familiar are you with your organization s defense against cyber security attacks? Very familiar 39% Familiar 28% Somewhat familiar 33% No knowledge (Stop) 0% S2. Do you have any responsibility in directing cyber security activities within your organization? Yes, full responsibility 27% Yes, some responsibility 57% Yes, minimum responsibility 16% No responsibility (Stop) 0% Part 1. Attributions: Please rate the following statements using the five-point scale provided below each item. Q1a. My organization has security technologies and personnel that are effective in quickly detecting advance threats. Strongly agree 16% Agree 28% Unsure 26% Disagree 21% Strongly disagree 10% Q1b. My organization has security technologies and personnel that are effective in quickly detecting denial of service attacks. Strongly agree 14% Agree 25% Unsure 30% Disagree 22% Strongly disagree 9% Ponemon Institute Research Report Page 20

22 Q1c. My organization has security technologies and personnel that are effective in containing advance threats. Strongly agree 13% Agree 25% Unsure 32% Disagree 21% Strongly disagree 9% Q1d. My organization has security technologies and personnel that are effective in containing denial of service attacks. Strongly agree 15% Agree 24% Unsure 31% Disagree 19% Strongly disagree 11% Q1e. The greatest threats to my organization are targeted advanced attacks. Strongly agree 27% Agree 35% Unsure 26% Disagree 6% Strongly disagree 7% Q1f. The greatest threats to my organization are denial of service attacks. Strongly agree 25% Agree 28% Unsure 31% Disagree 10% Strongly disagree 6% Part 2. Incident Experience Q2. How many cyber attacks (see definition) has your organization experienced over the past 12 months? None (skip to Q11) 6% 1 to 2 6% 3 to 4 12% 5 to 6 22% 7 to 8 16% 9 to 10 19% More than 10 20% Extrapolated value 7.73 Q3. Do you consider any of the above attacks an advanced threat (AT)? Yes 74% No (skip to Q7) 26% Ponemon Institute Research Report Page 21

23 Q4. How did you know that the attack was an AT? Forensic evidence 23% Shared threat intelligence 16% Known signature of the attacker 21% Gut feel 38% Other (please specify) 2% Q5. What steps did your organization take to minimize or contain the impact of the AT? Implemented incident response procedures 34% Conducted specialized training for IT security team 13% Installed controls to prevent infiltration 42% Installed controls to quickly detect and block infiltration 37% Established threat sharing with other companies or government entities 17% Other (please specify) 1% Total 143% Q6. Using the following 10-point scale from 1 = low to 10 = high, please rate your organization s effectiveness in containing ATs? 1 or 2 11% 3 or 4 12% 5 or 6 33% 7 or 8 33% 9 or 10 11% Extrapolated value 5.94 Q7. Do you consider any of the cyber attacks (indicated in Q2) a denial of service (DDoS)? Yes 50% No (skip to Q11) 50% Q8. How did you know that the attack was a DDoS? Forensic evidence informed by degradation of application or system performance 31% Shared threat intelligence by customer or partner due to lack of available internal resources 28% Known signature of the attacker 17% Gut feel 24% Other (please specify) 1% Ponemon Institute Research Report Page 22

24 Q9. What steps did your organization take to minimize or contain the impact of the DDoS attack? Implemented incident response procedures 33% Conducted specialized training for IT security team 12% Installed controls to prevent infiltration 41% Installed controls to quickly detect and block infiltration 38% Established threat sharing with other companies or government entities 13% Other (please specify) 0% Total 138% Q10. Using the following 10-point scale from 1 = low to 10 = high, please rate your organization s effectiveness in containing DDoS attacks? 1 or 2 13% 3 or 4 21% 5 or 6 35% 7 or 8 13% 9 or 10 18% Extrapolated value 5.52 Q11. What is the full-time equivalent headcount of employees in your organization who are responsible for cyber security incident investigation, analysis and management? Less than 5 25% 5 to 10 30% 11 to 15 21% 16 to 20 16% 21 to 25 7% 26 to 30 0% More than 30 0% Extrapolated value Q12. From the list below, please select all the events or issues that your organization would consider a security incident? Lost or stolen device 75% Reported wrongdoing by employee 83% Reported wrongdoing by third party 69% Targeted attack that results in the theft of customer data 99% Targeted attack that results in the theft of high-value intellectual properties 89% Denial of service attack 98% Other (please specify) 1% None of the above 0% Total 514% Ponemon Institute Research Report Page 23

25 Q13. Approximately, how many security incidents are investigated by your organization s SecOps and/or CSIRT team each month? Less than 10 5% 10 to 25 18% 26 to 50 33% 51 to % 101 to % 251 to 500 5% More than 500 1% Extrapolated value Q14. What organizational group or team is responsible for incident investigation, analysis and management? Security operations team (SecOps) 48% Cyber security incident response team (CSIRT) 37% Both (shared responsibility) 11% Other (please specify) 4% Q15. What time-dependent metrics does your organization use to determine the effectiveness of your organization s incident response process? MTTI 53% MTTC 58% Other (please specify) 5% We don t utilize time-dependent operational metrics (skip to Q20) 40% Q16. Approximately, what is an average MTTI experienced by your organization in recent incidents? Your best guess is welcome. Q16a. For advanced threats: Less than 30 minutes 0% 31 to 60 minutes 0% 1 to 4 hours 0% 5 to 8 hours 1% 1 to 2 days 2% 3 to 7 days 5% 1 to 4 weeks 15% 1 to 3 months 19% 4 to 6 months 19% 7 to 12 months 19% 1 to 2 years 14% More than two years 6% Extrapolated days Ponemon Institute Research Report Page 24

26 Q16b. For denial of services: Less than 30 minutes 3% 31 to 60 minutes 6% 1 to 4 hours 5% 5 to 8 hours 16% 1 to 2 days 16% 3 to 7 days 17% 1 to 4 weeks 15% 1 to 3 months 9% 4 to 6 months 8% 7 to 12 months 5% 1 to 2 years 1% More than two years 0% Extrapolated days Q17a. Do you expect MTTI to decrease (improve) over the next 12 months? Yes 29% No 71% Q17b. If yes, in percentage terms, how much of a decrease in MTTI do you anticipate? Less than 5% 7% 5% to 10% 33% 11% to 25% 35% 26% to 50% 17% 51% to 75% 7% 76% to 100% 0% Extrapolated value 20% Q17c. If yes, what steps is your organization taking to reduce MTTI? Increase security operations staff 41% Improve triage process 50% Introduce hunting team to look for attacks 33% Integrate threat intelligence into IR function 60% Implement new forensic security tools 40% Other (please specify) 1% Total 224% Ponemon Institute Research Report Page 25

27 Q18. Approximately, what is an average MTTC experienced by your organization in recent incidents? Your best guess is welcome. Q18a. For advanced threats: Less than 30 minutes 2% 31 to 60 minutes 5% 1 to 4 hours 5% 5 to 8 hours 11% 1 to 2 days 17% 3 to 7 days 14% 1 to 4 weeks 20% 1 to 3 months 14% 4 to 6 months 10% 7 to 12 months 3% 1 to 2 years 0% More than two years 0% Extrapolated value Q18b. For denial of services: Less than 30 minutes 5% 31 to 60 minutes 8% 1 to 4 hours 9% 5 to 8 hours 24% 1 to 2 days 20% 3 to 7 days 11% 1 to 4 weeks 8% 1 to 3 months 8% 4 to 6 months 6% 7 to 12 months 0% 1 to 2 years 0% More than two years 0% Extrapolated value Q19a. Do you expect MTTC to decrease (improve) over the next 12 months? Yes 32% No 68% Q19b. If yes, in percentage terms, how much of a decrease in MTTC do you anticipate? Less than 5% 23% 5% to 10% 41% 11% to 25% 25% 26% to 50% 9% 51% to 75% 2% 76% to 100% 0% Extrapolated value 13% Ponemon Institute Research Report Page 26

28 Q19c. If yes, what steps is your organization taking to reduce MTTC? Increase security operations staff 41% Improve triage process 49% Introduce hunting team to look for attacks 35% Integrate threat intelligence into IR function 57% Implement new forensic security tools 41% Other (please specify) 0% Total 222% Part 3. Cyber Kill Chain Q20. How familiar are you with the term Cyber Kill Chain? Very familiar 31% Familiar 29% Not familiar 16% No knowledge (skip to Q29) 24% Q21a. In your opinion, how difficult is it to stop or minimize advanced threats during the Reconnaissance phase of the kill chain? Impossible 31% Very difficult 29% Difficult 27% Not difficult 11% Easy 2% Q21b. Approximately, what percent of your organization s total security resources will go to stopping or minimizing advanced threats during the Reconnaissance phase of the cyber kill chain? 0% 64% 1% to 5% 19% 6% to 10% 13% 11% to 20% 3% 21% to 30% 1% 31% to 50% 0% 51% to 75% 0% 76% to 100% 0% Extrapolated value 2% Q21c. Using the 10-point scale, please rate your organization's ability to stop or minimize advance threats during the Reconnaissance phase of the kill chain. 1 or 2 (low) 62% 3 or 4 21% 5 or 6 10% 7 or 8 4% 9 or 10 (high) 2% Extrapolated value 2.76 Ponemon Institute Research Report Page 27

29 Q22a. In your opinion, how difficult is it to stop or minimize advance threats during the Weaponization phase of the kill chain? Impossible 12% Very difficult 32% Difficult 25% Not difficult 28% Easy 4% Q22b. Approximately, what percent of your organization s total security resources will go to stopping or minimizing advanced threats during the Weaponization phase of the cyber kill chain? 0% 4% 1% to 5% 16% 6% to 10% 26% 11% to 20% 33% 21% to 30% 14% 31% to 50% 5% 51% to 75% 1% 76% to 100% 0% Extrapolated value 14% Q22c. Using the 10-point scale, please rate your organization's ability to stop or minimize advance threats during the Weaponization phase of the kill chain. 1 or 2 (low) 13% 3 or 4 10% 5 or 6 29% 7 or 8 35% 9 or 10 (high) 12% Extrapolated value 6.00 Q23a. In your opinion, how difficult is it to stop or minimize advance threats during the Delivery phase of the kill chain? Impossible 5% Very difficult 26% Difficult 37% Not difficult 30% Easy 3% Ponemon Institute Research Report Page 28

30 Q23b. Approximately, what percent of your organization s total security resources will go to stopping or minimizing advanced threats during the Delivery phase of the cyber kill chain? 0% 4% 2% to 5% 16% 6% to 10% 26% 11% to 20% 33% 21% to 30% 12% 31% to 50% 5% 51% to 75% 1% 76% to 100% 0% Total 98% Extrapolated value 14% Q23c. Using the 10-point scale, please rate your organization's ability to stop or minimize advance threats during the Delivery phase of the kill chain. 1 or 2 (low) 6% 3 or 4 8% 5 or 6 24% 7 or 8 35% 9 or 10 (high) 27% Extrapolated value 6.92 Q24a. In your opinion, how difficult is it to stop or minimize advance threats during the Exploitation phase of the kill chain? Impossible 8% Very difficult 30% Difficult 33% Not difficult 29% Easy 0% Q24b. Approximately, what percent of your organization s total security resources will go to stopping or minimizing advanced threats during the Exploitation phase of the cyber kill chain? 0% 0% 1% to 5% 7% 6% to 10% 12% 11% to 20% 34% 21% to 30% 33% 31% to 50% 12% 51% to 75% 1% 76% to 100% 0% Extrapolated value 20% Ponemon Institute Research Report Page 29

31 Q24c. Using the 10-point scale, please rate your organization's ability to stop or minimize advance threats during the Exploitation phase of the kill chain. 1 or 2 (low) 1% 3 or 4 6% 5 or 6 22% 7 or 8 34% 9 or 10 (high) 36% Extrapolated value 7.44 Q25a. In your opinion, how difficult is it to stop or minimize advance threats during the Installation phase of the kill chain? Impossible 10% Very difficult 34% Difficult 35% Not difficult 18% Easy 2% Q25b. Approximately, what percent of your organization s total security resources will go to stopping or minimizing advanced threats during the Installation phase of the cyber kill chain? 0% 5% 1% to 5% 23% 6% to 10% 15% 11% to 20% 24% 21% to 30% 22% 31% to 50% 11% 51% to 75% 1% 76% to 100% 0% Extrapolated value 16% Q25c. Using the 10-point scale, please rate your organization's ability to stop or minimize advance threats during the Installation phase of the kill chain. 1 or 2 (low) 3% 3 or 4 11% 5 or 6 28% 7 or 8 40% 9 or 10 (high) 18% Extrapolated value 6.68 Q26a. In your opinion, how difficult is it to stop or minimize advance threats during the Command & Control (C2) phase of the kill chain? Impossible 1% Very difficult 25% Difficult 41% Not difficult 33% Easy 1% Ponemon Institute Research Report Page 30

32 Q26b. Approximately, what percent of your organization s total security resources will go to stopping or minimizing advanced threats during the Command & Control (C2) phase of the cyber kill chain? 0% 0% 1% to 5% 18% 6% to 10% 34% 11% to 20% 21% 21% to 30% 17% 31% to 50% 9% 51% to 75% 1% 76% to 100% 0% Extrapolated value 15% Q26c. Using the 10-point scale, please rate your organization's ability to stop or minimize advance threats during the Command & Control (C2) phase of the kill chain. 1 or 2 (low) 3% 3 or 4 11% 5 or 6 28% 7 or 8 40% 9 or 10 (high) 18% Extrapolated value 6.68 Q27a. In your opinion, how difficult is it to stop or minimize advance threats during the Actions on Objectives phase of the kill chain? Impossible 0% Very difficult 36% Difficult 41% Not difficult 22% Easy 1% Q27b. Approximately, what percent of your organization s total security resources will go to stopping or minimizing advanced threats during the Actions on Objectives phase of the cyber kill chain? 0% 0% 1% to 5% 10% 6% to 10% 18% 11% to 20% 32% 21% to 30% 27% 31% to 50% 11% 51% to 75% 1% 76% to 100% 0% Extrapolated value 19% Ponemon Institute Research Report Page 31

33 Q27c. Using the 10-point scale, please rate your organization's ability to stop or minimize advance threats during the Actions on Objectives phase of the kill chain. 1 or 2 (low) 6% 3 or 4 12% 5 or 6 31% 7 or 8 38% 9 or 10 (high) 13% Extrapolated value 6.29 Q28. What are the most promising technologies to stopping or minimizing advance threats during the seven phases of the kill chain? Please choose only your top three choices. Technologies that secure the perimeter 42% Technologies that provide intelligence about networks and traffic 64% Technologies that provide intelligence about attackers motivation and weak spots 40% Technologies that simplify the reporting of threats 13% Technologies that secure endpoints including mobile-connected devices 26% Technologies that minimize insider threats (including negligence) 5% Technologies that secure information assets 55% Technologies that isolate or sandbox malware infections 55% Total 300% Part 4. Budget Questions Q29. Approximately, what is the dollar range that best describes your organization s IT budget for 2015? < $1 million 0% $1 to 5 million 5% $6 to $10 million 14% $11 to $50 million 24% $51 to $100 million 34% $101 to $250 million 19% $251 to $500 million 3% > $500 million 1% Extrapolated value ($millions) Q30. Approximately, what percentage of the 2015 IT budget will go to IT security activities and investments? 0% 0% 1% to 5% 50% 6% to 10% 20% 11% to 20% 27% 21% to 30% 3% 31% to 50% 0% 51% to 75% 0% 76% to 100% 0% Extrapolated value 8% Ponemon Institute Research Report Page 32

34 Q31. Approximately, what percentage of the 2015 IT security budget will go to kill chain-related activities? 0% 10% 1% to 5% 7% 6% to 10% 9% 11% to 20% 27% 21% to 30% 25% 31% to 50% 14% 51% to 75% 6% 76% to 100% 1% Extrapolated value 22% Q32. The following table contains 4 budget or spending areas. Please allocate points to indicate the relative proportion of each area to the 2015 IT security budget for your organization. Note that the sum of your allocation must equal 100 points. Technologies 34 In-house personnel 37 Managed (third party) services 24 Other cash outlays 4 Total 100 Part 5. Role & Organizational Characteristics D1. What best describes your position or organizational level? Executive/VP 3% Director 16% Manager 19% Supervisor 16% Technician 36% Associate/staff 7% Consultant/contractor 2% Other (please specify) 1% D2. Check the primary person you or your supervisor reports to within your organization. Business owner 2% CEO/President 1% Chief Financial Officer 0% Chief Information Officer 60% Compliance Officer 8% Chief Privacy Officer 0% Director of Internal Audit 0% General Counsel 0% Chief Technology Officer 8% Human Resources VP 0% Chief Information Security Officer 16% Chief Risk Officer 4% Other (please specify) 1% Ponemon Institute Research Report Page 33

35 D3 (retail). What best describes your company s primary retail industry focus? Conventional retailer (stores) 37% Franchises 3% Internet retailer (websites) 34% Combination 19% tech 6% Other (please specify) 1% D3 (financial services). What best describes your company s primary FS industry focus? Banking 0% Investment management 0% Brokerage 0% Insurance 0% Payments 0% Financial tech 0% General services 0% Other (please specify) 0% Total 0% 0% D4. What is the worldwide headcount of your organization? < 500 5% 500 to 1,000 6% 1,001 to 5,000 13% 5,001 to 25,000 37% 25,001 to 75,000 20% > 75,000 20% Ponemon Institute Advancing Responsible Information Management Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. Our mission is to conduct high quality, empirical studies on critical issues affecting the management and security of sensitive information about people and organizations. As a member of the Council of American Survey Research Organizations (CASRO), we uphold strict data confidentiality, privacy and ethical research standards. We do not collect any personally identifiable information from individuals (or company identifiable information in our business research). Furthermore, we have strict quality standards to ensure that subjects are not asked extraneous, irrelevant or improper questions. Ponemon Institute Research Report Page 34

A Study of Retail Banks & DDoS Attacks

A Study of Retail Banks & DDoS Attacks A Study of Retail Banks & DDoS Attacks Sponsored by Corero Network Security Independently conducted by Ponemon Institute LLC Publication Date: December 2012 Ponemon Institute Research Report A Study of

More information

Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age

Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: August 2013

More information

The SQL Injection Threat Study

The SQL Injection Threat Study The SQL Injection Threat Study Sponsored by DB Networks Independently conducted by Ponemon Institute LLC Publication Date: April 2014 1 The SQL Injection Threat Study Presented by Ponemon Institute, April

More information

The Importance of Cyber Threat Intelligence to a Strong Security Posture

The Importance of Cyber Threat Intelligence to a Strong Security Posture The Importance of Cyber Threat Intelligence to a Strong Security Posture Sponsored by Webroot Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research Report

More information

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2013 Ponemon Institute Research Report

More information

Exposing the Cybersecurity Cracks: A Global Perspective

Exposing the Cybersecurity Cracks: A Global Perspective Exposing the Cybersecurity Cracks: A Global Perspective Part I: Deficient, Disconnected & in the Dark Sponsored by Websense, Inc. Independently conducted by Ponemon Institute LLC Publication Date: April

More information

Risk & Innovation in Cybersecurity Investments. Sponsored by Lockheed Martin

Risk & Innovation in Cybersecurity Investments. Sponsored by Lockheed Martin Risk & Innovation in Cybersecurity Investments Sponsored by Lockheed Martin Independently conducted by Ponemon Institute LLC Publication Date: April 2015 Ponemon Institute Research Report Part 1. Introduction

More information

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: March 2013 Ponemon Institute Research Report

More information

The State of Data Security Intelligence. Sponsored by Informatica. Independently conducted by Ponemon Institute LLC Publication Date: April 2015

The State of Data Security Intelligence. Sponsored by Informatica. Independently conducted by Ponemon Institute LLC Publication Date: April 2015 The State of Data Security Intelligence Sponsored by Informatica Independently conducted by Ponemon Institute LLC Publication Date: April 2015 Ponemon Institute Research Report The State of Data Security

More information

2014: A Year of Mega Breaches

2014: A Year of Mega Breaches 2014: A Year of Mega Breaches Sponsored by Identity Finder Independently conducted by Ponemon Institute LLC Publication Date: January 2015 Ponemon Institute Research Report Part 1. Introduction 2014: A

More information

Is Your Company Ready for a Big Data Breach?

Is Your Company Ready for a Big Data Breach? Is Your Company Ready for a Big Data Breach? The Second Annual Study on Data Breach Preparedness Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication

More information

The Cost of Malware Containment

The Cost of Malware Containment The Cost of Malware Containment Sponsored by Damballa Independently conducted by Ponemon Institute LLC Publication Date: January 2015 Ponemon Institute Research Report The Cost of Malware Containment Ponemon

More information

The Challenge of Preventing Browser-Borne Malware

The Challenge of Preventing Browser-Borne Malware The Challenge of Preventing Browser-Borne Malware Sponsored by Spikes Security Independently conducted by Ponemon Institute LLC Publication Date: February 2015 Ponemon Institute Research Report Part 1.

More information

Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations

Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations Sponsored by AccessData Independently conducted by Ponemon Institute LLC Publication Date: February 2014 Ponemon Institute

More information

The Impact of Cybercrime on Business

The Impact of Cybercrime on Business The Impact of Cybercrime on Business Studies of IT practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil Sponsored by Check Point Software Technologies Independently conducted

More information

Reputation Impact of a Data Breach U.S. Study of Executives & Managers

Reputation Impact of a Data Breach U.S. Study of Executives & Managers Reputation Impact of a Data Breach U.S. Study of Executives & Managers Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: November 2011 Ponemon

More information

Data Security in the Evolving Payments Ecosystem

Data Security in the Evolving Payments Ecosystem Data Security in the Evolving Payments Ecosystem Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2015 Ponemon Institute Research Report

More information

Electronic Health Information at Risk: A Study of IT Practitioners

Electronic Health Information at Risk: A Study of IT Practitioners Electronic Health Information at Risk: A Study of IT Practitioners Sponsored by LogLogic Conducted by Ponemon Institute LLC October 15, 2009 Ponemon Institute Research Report Executive summary Electronic

More information

The Unintentional Insider Risk in United States and German Organizations

The Unintentional Insider Risk in United States and German Organizations The Unintentional Insider Risk in United States and German Organizations Sponsored by Raytheon Websense Independently conducted by Ponemon Institute LLC Publication Date: July 2015 2 Part 1. Introduction

More information

What You Don t Know Will Hurt You: A Study of the Risk from Application Access and Usage

What You Don t Know Will Hurt You: A Study of the Risk from Application Access and Usage What You Don t Know Will Hurt You: A Study of the Risk from Application Access and Usage Sponsored by ObserveIT Independently conducted by Ponemon Institute LLC June 2015 Ponemon Institute Research Report

More information

Global Insights on Document Security

Global Insights on Document Security Global Insights on Document Security Sponsored by Adobe Independently conducted by Ponemon Institute LLC Publication Date: June 2014 Ponemon Institute Research Report Global Insights on Document Security

More information

Data Breach: The Cloud Multiplier Effect

Data Breach: The Cloud Multiplier Effect Data Breach: The Cloud Multiplier Effect Sponsored by Netskope Independently conducted by Ponemon Institute LLC Publication Date: June 2014 Ponemon Institute Research Report Part 1. Introduction Data Breach:

More information

The SQL Injection Threat & Recent Retail Breaches

The SQL Injection Threat & Recent Retail Breaches The SQL Injection Threat & Recent Retail Breaches Sponsored by DB Networks Independently conducted by Ponemon Institute LLC Publication Date: June 2014 1 Part 1. Introduction The SQL Injection Threat &

More information

Understanding Security Complexity in 21 st Century IT Environments:

Understanding Security Complexity in 21 st Century IT Environments: Understanding Security Complexity in 21 st Century IT Environments: A study of IT practitioners in the US, UK, France, Japan & Germany Sponsored by Check Point Software Technologies Independently conducted

More information

Achieving Security in Workplace File Sharing. Sponsored by Axway Independently conducted by Ponemon Institute LLC Publication Date: January 2014

Achieving Security in Workplace File Sharing. Sponsored by Axway Independently conducted by Ponemon Institute LLC Publication Date: January 2014 Achieving Security in Workplace File Sharing Sponsored by Axway Independently conducted by Ponemon Institute LLC Publication Date: January 2014 Ponemon Institute Research Report Part 1. Introduction Achieving

More information

Understaffed and at Risk: Today s IT Security Department. Sponsored by HP Enterprise Security

Understaffed and at Risk: Today s IT Security Department. Sponsored by HP Enterprise Security Understaffed and at Risk: Today s IT Security Department Sponsored by HP Enterprise Security Independently conducted by Ponemon Institute LLC Publication Date: February 2014 Ponemon Institute Research

More information

Aftermath of a Data Breach Study

Aftermath of a Data Breach Study Aftermath of a Data Breach Study Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: January 2012 Ponemon Institute Research Report Aftermath

More information

Data Security in Development & Testing

Data Security in Development & Testing Data Security in Development & Testing Sponsored by Micro Focus Independently conducted by Ponemon Institute LLC Publication Date: July 31, 2009 Ponemon Institute Research Report Data Security in Development

More information

The Cost of Web Application Attacks

The Cost of Web Application Attacks The Cost of Web Application Attacks Sponsored by Akamai Technologies Independently conducted by Ponemon Institute LLC Publication Date: May 2015 Ponemon Institute Research Report Part 1. Introduction The

More information

2015 Global Study on IT Security Spending & Investments

2015 Global Study on IT Security Spending & Investments 2015 Study on IT Security Spending & Investments Independently conducted by Ponemon Institute LLC Publication Date: May 2015 Sponsored by Part 1. Introduction Security risks are pervasive and becoming

More information

Exposing the Cybersecurity Cracks: A Global Perspective

Exposing the Cybersecurity Cracks: A Global Perspective Exposing the Cybersecurity Cracks: A Global Perspective Part 2: Roadblocks, Refresh and Raising the Human Security IQ Sponsored by Websense Independently conducted by Ponemon Institute LLC Publication

More information

Efficacy of Emerging Network Security Technologies

Efficacy of Emerging Network Security Technologies Efficacy of Emerging Network Security Technologies Sponsored by Juniper Networks Independently conducted by Ponemon Institute LLC Publication Date: February 2013 Ponemon Institute Research Report Part

More information

The State of Data Centric Security

The State of Data Centric Security The State of Data Centric Security Sponsored by Informatica Independently conducted by Ponemon Institute LLC Publication Date: June 2014 Ponemon Institute Research Report State of Data Centric Security

More information

Perceptions About Network Security Survey of IT & IT security practitioners in the U.S.

Perceptions About Network Security Survey of IT & IT security practitioners in the U.S. Perceptions About Network Security Survey of IT & IT security practitioners in the U.S. Sponsored by Juniper Networks Independently conducted by Ponemon Institute LLC Publication Date: June 2011 Ponemon

More information

The Cost of Insecure Mobile Devices in the Workplace Sponsored by AT&T

The Cost of Insecure Mobile Devices in the Workplace Sponsored by AT&T The Cost of Insecure Mobile Devices in the Workplace! Sponsored by AT&T Independently conducted by Ponemon Institute LLC Publication Date: March 2014 Part 1. Introduction The Cost of Insecure Mobile Devices

More information

Third Annual Study: Is Your Company Ready for a Big Data Breach?

Third Annual Study: Is Your Company Ready for a Big Data Breach? Third Annual Study: Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: October 2015 Ponemon Institute

More information

Challenges of Cloud Information

Challenges of Cloud Information The Challenges of Cloud Information Governance: A Global Data Security Study Sponsored by SafeNet Independently conducted by Ponemon Institute LLC Publication Date: October 2014 Ponemon Institute Research

More information

Security Metrics to Manage Change: Which Matter, Which Can Be Measured?

Security Metrics to Manage Change: Which Matter, Which Can Be Measured? Security Metrics to Manage Change: Which Matter, Which Can Be Measured? Sponsored by FireMon Independently conducted by Ponemon Institute LLC Publication Date: April 2014 2 Security Metrics to Manage Change:

More information

Security of Paper Records & Document Shredding. Sponsored by Cintas. Independently conducted by Ponemon Institute LLC Publication Date: January 2014

Security of Paper Records & Document Shredding. Sponsored by Cintas. Independently conducted by Ponemon Institute LLC Publication Date: January 2014 Security of Paper Records & Document Shredding Sponsored by Cintas Independently conducted by Ponemon Institute LLC Publication Date: January 2014 Ponemon Institute Research Report Part 1. Introduction

More information

Cloud Security: Getting It Right

Cloud Security: Getting It Right Cloud Security: Getting It Right Sponsored by Armor Independently conducted by Ponemon Institute LLC Publication Date: October 2015 Ponemon Institute Research Report Cloud Security: Getting It Right Ponemon

More information

The Security Impact of Mobile Device Use by Employees

The Security Impact of Mobile Device Use by Employees The Security Impact of Mobile Device Use by Employees Sponsored by Accellion Independently conducted by Ponemon Institute LLC Publication Date: December 2014 Ponemon Institute Research Report The Security

More information

2012 Application Security Gap Study: A Survey of IT Security & Developers

2012 Application Security Gap Study: A Survey of IT Security & Developers 2012 Application Gap Study: A Survey of IT & s Research sponsored by Innovation Independently Conducted by Ponemon Institute LLC March 2012 1 2012 Application Gap Study: A Survey of IT & s March 2012 Part

More information

2015 Global Cyber Impact Report

2015 Global Cyber Impact Report 2015 Global Cyber Impact Report Sponsored by Aon Risk Services Independently conducted by Ponemon Institute LLC Publication Date: April 2015 2015 Global Cyber Impact Report Ponemon Institute, April 2015

More information

The State of Mobile Application Insecurity

The State of Mobile Application Insecurity The State of Mobile Application Insecurity Sponsored by IBM Independently conducted by Ponemon Institute LLC Publication Date: February 2015 Ponemon Institute Research Report Part 1. Introduction The State

More information

Cyber Security on the Offense: A Study of IT Security Experts

Cyber Security on the Offense: A Study of IT Security Experts Cyber Security on the Offense: A Study of IT Security Experts Co-authored with Radware Independently conducted by Ponemon Institute LLC Publication Date: November 2012 Ponemon Institute Research Report

More information

Global Survey on Social Media Risks Survey of IT & IT Security Practitioners

Global Survey on Social Media Risks Survey of IT & IT Security Practitioners 0 Global Survey on Social Media Risks Survey of IT & IT Security Practitioners Sponsored by Websense Independently conducted by Ponemon Institute LLC Publication Date: September 2011 1 Global Survey on

More information

The Post Breach Boom. Sponsored by Solera Networks. Independently conducted by Ponemon Institute LLC Publication Date: February 2013

The Post Breach Boom. Sponsored by Solera Networks. Independently conducted by Ponemon Institute LLC Publication Date: February 2013 The Post Breach Boom Sponsored by Solera Networks Independently conducted by Ponemon Institute LLC Publication Date: February 2013 Ponemon Institute Research Report Part 1. Introduction The Post Breach

More information

How Single Sign-On Is Changing Healthcare A Study of IT Practitioners in Acute Care Hospitals in the United States

How Single Sign-On Is Changing Healthcare A Study of IT Practitioners in Acute Care Hospitals in the United States How Single Sign-On Is Changing Healthcare A Study of IT Practitioners in Acute Care Hospitals in the United States Sponsored by Imprivata Independently conducted by Ponemon Institute LLC Publication Date:

More information

The Importance of Senior Executive Involvement in Breach Response

The Importance of Senior Executive Involvement in Breach Response The Importance of Senior Executive Involvement in Breach Response Sponsored by HP Enterprise Security Services Independently conducted by Ponemon Institute LLC Publication Date: October 2014 The Importance

More information

The Security of Cloud Infrastructure Survey of U.S. IT and Compliance Practitioners

The Security of Cloud Infrastructure Survey of U.S. IT and Compliance Practitioners The Security of Cloud Infrastructure Survey of U.S. IT and Compliance Practitioners Sponsored by Vormetric Independently conducted by Ponemon Institute LLC Publication Date: November 2011 Ponemon Institute

More information

Defining the Gap: The Cybersecurity Governance Study

Defining the Gap: The Cybersecurity Governance Study Defining the Gap: The Cybersecurity Governance Study Sponsored by Fidelis Cybersecurity Independently conducted by Ponemon Institute LLC Publication Date: June 2015 Ponemon Institute Research Report Defining

More information

The 2013 ecommerce Cyber Crime Report: Safeguarding Brand And Revenue This Holiday Season

The 2013 ecommerce Cyber Crime Report: Safeguarding Brand And Revenue This Holiday Season The 2013 ecommerce Cyber Crime Report: Safeguarding Brand And Revenue This Holiday Season Sponsored by RSA Security Independently conducted by Ponemon Institute, LLC Publication Date: October 2013 Ponemon

More information

Sponsored by Zimbra. The Open Source Collaboration Study: Viewpoints on Security & Privacy in the US & EMEA

Sponsored by Zimbra. The Open Source Collaboration Study: Viewpoints on Security & Privacy in the US & EMEA The Open Source Collaboration Study: Viewpoints on Security & Privacy in the US & EMEA Sponsored by Zimbra Independently conducted by Ponemon Institute LLC Publication Date: November 2014 Ponemon Institute

More information

Security of Cloud Computing Users Study

Security of Cloud Computing Users Study Security of Cloud Computing Users Study Sponsored by CA Technologies Independently conducted by Ponemon Institute, LLC Publication Date: March 2013 Security of Cloud Computing Users Study March 2013 Part

More information

Corporate Data: A Protected Asset or a Ticking Time Bomb?

Corporate Data: A Protected Asset or a Ticking Time Bomb? Corporate Data: A Protected Asset or a Ticking Time Bomb? Sponsored by Varonis Independently conducted by Ponemon Institute LLC Publication Date: December 2014 Ponemon Institute Research Report Corporate

More information

Perceptions about the Potential Expiration of The Terrorism Risk Insurance Act (TRIA)

Perceptions about the Potential Expiration of The Terrorism Risk Insurance Act (TRIA) Perceptions about the Potential Expiration of The Terrorism Risk Insurance Act (TRIA) Sponsored by Property Casualty Insurers Association of America Independently conducted by Ponemon Institute LLC Publication

More information

Breaking Bad: The Risk of Insecure File Sharing

Breaking Bad: The Risk of Insecure File Sharing Breaking Bad: The Risk of Insecure File Sharing Sponsored by Intralinks Independently conducted by Ponemon Institute LLC Publication Date: October 2014 Ponemon Institute Research Report Breaking Bad: The

More information

The State of USB Drive Security

The State of USB Drive Security The State of USB Drive Security U.S. survey of IT and IT security practitioners Sponsored by Kingston Independently conducted by Ponemon Institute LLC Publication Date: July 2011 Ponemon Institute Research

More information

State of Web Application Security U.S. Survey of IT & IT security practitioners

State of Web Application Security U.S. Survey of IT & IT security practitioners State of Web Application Security U.S. Survey of IT & IT security practitioners Sponsored by Cenzic & Barracuda Networks Independently conducted by Ponemon Institute LLC Publication Date: March 2011 Ponemon

More information

National Survey on Data Center Outages

National Survey on Data Center Outages National Survey on Data Center Outages Independently conducted by Ponemon Institute LLC Publication Date: 30 September 2010 Part 1. Executive Summary National Survey on Data Center Outages Ponemon Institute,

More information

State of IT Security Study of Utilities & Energy Companies

State of IT Security Study of Utilities & Energy Companies State of IT Security Study of Utilities & Energy Companies Sponsored by Q1 Labs Independently conducted by Ponemon Institute LLC Publication Date: April 2011 Ponemon Institute Research Report State of

More information

Leading Practices in Behavioral Advertising & Consumer Privacy Study of Internet Marketers and Advertisers

Leading Practices in Behavioral Advertising & Consumer Privacy Study of Internet Marketers and Advertisers Leading Practices in Behavioral Advertising & Consumer Privacy Study of Internet Marketers and Advertisers Independently Conducted by Ponemon Institute LLC February 2012 Leading Practices in Behavioral

More information

2012 Web Session Intelligence & Security Report: Business Logic Abuse Edition

2012 Web Session Intelligence & Security Report: Business Logic Abuse Edition 2012 Web Session Intelligence & Security Report: Business Logic Abuse Edition Sponsored by Silver Tail Systems Independently conducted by Ponemon Institute, LLC Publication Date: October 2012 Ponemon Institute

More information

Privacy and Security in a Connected Life: A Study of European Consumers

Privacy and Security in a Connected Life: A Study of European Consumers Privacy and Security in a Connected Life: A Study of European Consumers Sponsored by Trend Micro Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research

More information

The Fraud Report: How Fake Users Are Impacting Business

The Fraud Report: How Fake Users Are Impacting Business The Fraud Report: How Fake Users Are Impacting Business Sponsored by TeleSign Independently conducted by Ponemon Institute LLC Publication Date: November 2015 Ponemon Institute Research Report The Fraud

More information

APPLICATION SECURITY IN THE CHANGING RISK LANDSCAPE

APPLICATION SECURITY IN THE CHANGING RISK LANDSCAPE APPLICATION SECURITY IN THE CHANGING RISK LANDSCAPE INDEPENDENTLY CONDUCTED BY PONEMON INSTITUTE LLC, JULY 2016 Part 1. Introduction Ponemon Institute is pleased to present the results of Application Security

More information

Big Data Analytics in Cyber Defense

Big Data Analytics in Cyber Defense Big Data Analytics in Cyber Defense Sponsored by Teradata Independently conducted by Ponemon Institute LLC Publication Date: February 2013 Ponemon Institute Research Report Big Data Analytics in Cyber

More information

State of SMB Cyber Security Readiness: UK Study

State of SMB Cyber Security Readiness: UK Study State of SMB Cyber Security Readiness: UK Study Sponsored by Faronics Independently conducted by Ponemon Institute LLC Publication Date: November 2012 Ponemon Institute Research Report Part 1. Introduction

More information

Achieving Data Privacy in the Cloud

Achieving Data Privacy in the Cloud Achieving Data Privacy in the Cloud Study of Information Technology Privacy and Compliance of Small to Medium-Sized Organizations in germany Sponsored by microsoft Independently Conducted by Ponemon Institute

More information

Privileged User Abuse & The Insider Threat

Privileged User Abuse & The Insider Threat Privileged User Abuse & The Insider Threat Commissioned by Raytheon Company Independently conducted by Ponemon Institute LLC Publication Date: May 2014 1 Privileged User Abuse & The Insider Threat Ponemon

More information

2015 Global Megatrends in Cybersecurity

2015 Global Megatrends in Cybersecurity 2015 Global Megatrends in Cybersecurity Sponsored by Raytheon Independently conducted by Ponemon Institute LLC Publication Date: February 2015 Ponemon Institute Research Report 2015 Global Megatrends in

More information

2014 State of Endpoint Risk. Sponsored by Lumension. Independently conducted by Ponemon Institute LLC Publication Date: December 2013

2014 State of Endpoint Risk. Sponsored by Lumension. Independently conducted by Ponemon Institute LLC Publication Date: December 2013 2014 State of Endpoint Risk Sponsored by Lumension Independently conducted by Ponemon Institute LLC Publication Date: December 2013 Ponemon Institute Research Report 2014 State of Endpoint Risk Ponemon

More information

Enhancing Cybersecurity with Big Data: Challenges & Opportunities

Enhancing Cybersecurity with Big Data: Challenges & Opportunities Enhancing Cybersecurity with Big Data: Challenges & Opportunities Independently Conducted by Ponemon Institute LLC Sponsored by Microsoft Corporation November 2014 CONTENTS 2 3 6 9 10 Introduction The

More information

Cyber Threat Intelligence: Has to Be a Better Way

Cyber Threat Intelligence: Has to Be a Better Way Exchanging Cyber Threat Intelligence: There Has to Be a Better Way Sponsored by IID Independently conducted by Ponemon Institute LLC Publication Date: April 2014 Ponemon Institute Research Report Exchanging

More information

The Role of Governance, Risk Management & Compliance in Organizations

The Role of Governance, Risk Management & Compliance in Organizations The Role of Governance, Risk Management & Compliance in Organizations Study of GRC practitioners Sponsored by RSA, The Security Division of EMC Independently conducted by Ponemon Institute LLC Publication

More information

Security of Cloud Computing Providers Study

Security of Cloud Computing Providers Study Security of Cloud Computing Providers Study Sponsored by CA Technologies Independently conducted by Ponemon Institute LLC Publication Date: April 2011 Ponemon Institute Research Report I. Executive Summary

More information

LiveThreat Intelligence Impact Report 2013

LiveThreat Intelligence Impact Report 2013 LiveThreat Intelligence Impact Report 2013 Sponsored by Independently conducted by Ponemon Institute LLC Publication Date: July 2013 Ponemon Institute Research Report Contents Part 1. Introduction 3 Executive

More information

Security of Cloud Computing Providers Study

Security of Cloud Computing Providers Study Security of Cloud Computing Providers Study Sponsored by CA Technologies Independently conducted by Ponemon Institute LLC Publication Date: April 2011 Ponemon Institute Research Report I. Executive Summary

More information

Advanced Threat Protection with Dell SecureWorks Security Services

Advanced Threat Protection with Dell SecureWorks Security Services Advanced Threat Protection with Dell SecureWorks Security Services Table of Contents Summary... 2 What are Advanced Threats?... 3 How do advanced threat actors operate?... 3 Addressing the Threat... 5

More information

Best Practices in Data Protection Survey of U.S. IT & IT Security Practitioners

Best Practices in Data Protection Survey of U.S. IT & IT Security Practitioners Best Practices in Data Protection Survey of U.S. IT & IT Security Practitioners Sponsored by McAfee Independently conducted by Ponemon Institute LLC Publication Date: October 2011 Ponemon Institute Research.

More information

Encryption in the Cloud

Encryption in the Cloud Encryption in the Cloud Who is responsible for data protection in the cloud? Sponsored by Thales e-security Independently conducted by Ponemon Institute LLC Publication Date: July 2012 Ponemon Institute

More information

Privacy and Security in a Connected Life: A Study of US Consumers

Privacy and Security in a Connected Life: A Study of US Consumers Privacy and Security in a Connected Life: A Study of US Consumers Sponsored by Trend Micro Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research Report

More information

Compliance Cost Associated with the Storage of Unstructured Information

Compliance Cost Associated with the Storage of Unstructured Information Compliance Cost Associated with the Storage of Unstructured Information Sponsored by Novell Independently conducted by Ponemon Institute LLC Publication Date: May 2011 Ponemon Institute Research Report

More information

IBM QRadar Security Intelligence: Evidence of Value

IBM QRadar Security Intelligence: Evidence of Value IBM QRadar Security Intelligence: Evidence of Value Independently conducted by Ponemon Institute LLC February 2014 Ponemon Institute Research Report Background IBM QRadar: Evidence of Value Ponemon Institute:

More information

Cybersecurity Kill Chain. William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015

Cybersecurity Kill Chain. William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015 Cybersecurity Kill Chain William F. Crowe, CISA, CISM, CRISC, CRMA September 2015 ISACA Jacksonville Chapter Meeting August 13, 2015 Who Am I? Over 20 years experience with 17 years in the financial industry

More information

2015 Cost of Data Breach Study: United States

2015 Cost of Data Breach Study: United States 2015 Cost of Data Breach Study: United States Benchmark research sponsored by IBM Independently conducted by Ponemon Institute LLC May 2015 Ponemon Institute Research Report 2015 1 Cost of Data Breach

More information

The Billion Dollar Lost Laptop Problem Benchmark study of U.S. organizations

The Billion Dollar Lost Laptop Problem Benchmark study of U.S. organizations The Billion Dollar Lost Laptop Problem Benchmark study of U.S. organizations Independently conducted by Ponemon Institute LLC Publication Date: 30 September 2010 Ponemon Institute Research Report Part

More information

Global Study on the State of Payment Data Security

Global Study on the State of Payment Data Security Global Study on the State of Payment Data Security 3 Introduction We are pleased to present the findings of The Global Study on the State of Payment Data Security Study conducted on behalf of Gemalto by

More information

The Human Factor in Data Protection

The Human Factor in Data Protection The Human Factor in Data Protection Sponsored by Trend Micro Independently conducted by Ponemon Institute LLC Publication Date: January 2012 Ponemon Institute Research Report The Human Factor in Data Protection

More information

The Aftermath of a Data Breach: Consumer Sentiment

The Aftermath of a Data Breach: Consumer Sentiment The Aftermath of a Data Breach: Consumer Sentiment Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2014 Ponemon Institute Research

More information

Privacy and Security in a Connected Life: A Study of US, European and Japanese Consumers

Privacy and Security in a Connected Life: A Study of US, European and Japanese Consumers Privacy and Security in a Connected Life: A Study of US, European and Japanese Consumers Sponsored by Trend Micro Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute

More information

Second Annual Benchmark Study on Patient Privacy & Data Security

Second Annual Benchmark Study on Patient Privacy & Data Security Second Annual Benchmark Study on Patient Privacy & Data Security Sponsored by ID Experts Independently conducted by Ponemon Institute LLC Publication Date: December 2011 Ponemon Institute Research Report

More information

2014 Cost of Data Breach Study: Global Analysis

2014 Cost of Data Breach Study: Global Analysis 2014 Cost of Data Breach Study: Global Analysis Benchmark research sponsored by IBM Independently conducted by Ponemon Institute LLC May 2014 Ponemon Institute Research Report Part 1. Introduction 2014

More information

2015 State of the Endpoint Report: User-Centric Risk

2015 State of the Endpoint Report: User-Centric Risk 2015 State of the Endpoint Report: User-Centric Risk Sponsored by Lumension Independently conducted by Ponemon Institute LLC Publication Date: January 2015 Ponemon Institute Research Report 2015 State

More information

Third Annual Survey on Medical Identity Theft

Third Annual Survey on Medical Identity Theft Third Annual Survey on Medical Identity Theft Sponsored by Experian s ProtectMyID Independently conducted by Ponemon Institute LLC Publication Date: June 2012 Ponemon Institute Research Report Part 1:

More information

The Imprivata Report on the Economic Impact of Inefficient Communications in Healthcare

The Imprivata Report on the Economic Impact of Inefficient Communications in Healthcare The Imprivata Report on the Economic Impact of Inefficient Communications in Healthcare Independently conducted by Ponemon Institute LLC Publication Date: June 2014 Ponemon Institute Research Report The

More information

Security of Cloud Computing Users A Study of Practitioners in the US & Europe

Security of Cloud Computing Users A Study of Practitioners in the US & Europe Security of Cloud Computing Users A Study of Practitioners in the US & Europe Sponsored by CA Independently conducted by Ponemon Institute LLC Publication Date: 12 May 2010 Ponemon Institute Research Report

More information

Reputation Impact of a Data Breach Executive Summary

Reputation Impact of a Data Breach Executive Summary Reputation Impact of a Data Breach Executive Summary Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: October 2011 Ponemon Institute Research

More information

Survey on the Governance of Unstructured Data. Independently Conducted and Published by Ponemon Institute LLC. Sponsored by Varonis Systems, Inc.

Survey on the Governance of Unstructured Data. Independently Conducted and Published by Ponemon Institute LLC. Sponsored by Varonis Systems, Inc. Survey on the Governance of Unstructured Data Independently Conducted and Published by Ponemon Institute LLC Sponsored by Varonis Systems, Inc. June 30, 2008 Please Do Not Quote Without Express Permission.

More information