Advanced Threats in Retail Companies: A Study of North America & EMEA
Sponsored by Arbor Networks
Independently conducted by Ponemon Institute LLC
Publication Date: May 2015
Ponemon Institute Research Report

Part 1. Introduction

Advanced Threats in Retail Companies: A Study of North America & EMEA [1]
Ponemon Institute, May 2015

Ponemon Institute is pleased to present the results of Advanced Threats in Retail Companies: A Study of North America & EMEA, sponsored by Arbor Networks. In the wake of mega breaches experienced by retail companies, has the industry improved its ability to prevent or stop advanced threats (ATs)? Are they able to evaluate and measure the effectiveness of their incident response? Are they making the appropriate investments in technologies and expertise to avoid an AT or DDoS attack?

In this research, we define ATs as a type of cyber attack designed to evade an organization's present technical and process countermeasures. For example, ATs are those that are specifically designed to bypass firewalls, intrusion detection systems and anti-malware programs.

We surveyed 675 IT and IT security practitioners in North America and in 14 countries in Europe, Middle East & Africa (EMEA). To ensure a knowledgeable and quality response, only IT practitioners who are familiar with their companies' defense against cybersecurity attacks and have responsibility in directing cybersecurity activities within their company were selected to participate in this study.

As shown in Figure 1, respondents worry much more about ATs than DDoS attacks. Respondents also say ATs occur more frequently than DDoS attacks and that it is much more difficult to detect and contain ATs than DDoS attacks, as discussed in this report.

Following are key findings that reveal why retail companies are vulnerable to ATs:

- Rely on gut feel to determine if the company had a targeted AT.
- Only about one-third of companies represented in this study use incident response to contain the impact of ATs and DDoS attacks.
- Time to detect an attack is too long. It takes on average approximately 197 days to detect an AT. Only 29 percent expect this to improve over the next 12 months.
- More investment is needed in security operations staff and forensic tools to be able to investigate security incidents in a timely and effective manner.
- Those companies using the cyber kill chain approach to dealing with ATs are not allocating enough resources to those phases, such as reconnaissance, where it is most difficult to stop ATs.

[1] North America includes Canada and the United States. EMEA countries include Denmark, France, Germany, Italy, Netherlands, Poland, Saudi Arabia, South Africa, Spain, Sweden, Switzerland, Turkey, United Arab Emirates and United Kingdom.

Part 2. Key findings

The topics covered in this research include:

- Advanced threats and denial of service attacks in retail companies
- How companies deal with cyber attack incidents
- The Cyber Kill Chain and dealing with advanced threats
- Budget for advanced threats
- Industry differences: retail companies vs. financial services

Advanced threats and denial of service attacks in retail companies

Companies have an average of almost one serious cyber attack per month. In the context of this research, cyber attacks refer to all computer-based assaults on an organization's IT infrastructure, applications, databases and source data. Cyber attacks typically involve malicious software or code that seeks to infiltrate networks or infect endpoint devices. Attack methods may also involve malicious or criminal insiders.

Based on the definition above, respondents believe their organization experienced almost eight cyber attacks in the past 12 months. Seventy-four percent of respondents say an attack was considered an AT and 50 percent of respondents say an attack was a denial of service (DDoS) attack.

As shown in Figure 2, although most respondents believe one or more of the attacks could have been an AT, it is mostly gut feel (38 percent of respondents) that they rely upon. Forensic evidence (23 percent of respondents) and known signature of the attacker (21 percent of respondents) are also used to determine if it was an AT. In the case of DDoS, 31 percent of respondents say it was from forensic evidence informed by degradation of application or system performance, followed by shared threat intelligence by customer or partner due to a lack of available internal resources (28 percent).

Figure 2. How did you know the attack was an AT or DDoS?
Gut feel: AT 38%, DDoS 24%
Forensic evidence informed by degradation of application or system performance: AT 23%, DDoS 31%
Known signature of the attacker: AT 21%, DDoS 17%
Shared threat intelligence by customer or partner due to lack of available internal resources: AT 16%, DDoS 28%
Other: AT 2%, DDoS 1%

Companies have difficulty detecting and containing ATs and DDoS attacks. According to Figure 3, respondents agree they are more likely to have security technologies and personnel that are effective in quickly detecting advance threats than DDoS (44 percent vs. 39 percent). However, they are equally poor at containing these cyber attacks (38 percent and 39 percent, respectively).

Figure 3. Perceptions about ATs and DDoS
Strongly agree and agree response combined
Security technologies and personnel are effective in quickly detecting advance threats: 44%
Security technologies and personnel are effective in quickly detecting denial of service attacks: 39%
Security technologies and personnel are effective in containing denial of service attacks: 39%
Security technologies and personnel are effective in containing advance threats: 38%

To deal with both types of attacks, most companies installed controls to prevent infiltration. When asked what steps their companies took to minimize or contain the impact of the AT and DDoS attacks, the most common responses were installing controls to prevent infiltration (42 percent and 41 percent of respondents) and installing controls to quickly detect and block infiltration (37 percent and 38 percent of respondents, respectively), as shown in Figure 4.

Figure 4. Steps taken to minimize the impact of ATs and DDoS attacks
More than one response permitted
Installed controls to prevent infiltration: AT 42%, DDoS 41%
Installed controls to quickly detect and block infiltration: AT 37%, DDoS 38%
Implemented incident response procedures: AT 34%, DDoS 33%
Established threat sharing with other companies or government entities: AT 17%, DDoS 13%
Conducted specialized training for IT security team: AT 13%, DDoS 12%
Other: AT 1%, DDoS 0%

How companies deal with cyber attack incidents

How security incidents are investigated. In the context of this study, a security incident is an event that potentially results in adverse consequences to an organization's network or enterprise system. It also includes events that constitute violations of security policies, standardized procedures, or acceptable use policies by employees and other insiders.

On average, SecOps and/or CSIRT teams in the companies represented in this study investigate 81 security incidents each month. The average number of employees in a company responsible for participating in responses to cybersecurity incidents is 11.

According to Figure 5, the events most often considered a security incident are targeted attacks that result in the theft of customer data (99 percent of respondents), denial of service attacks (98 percent of respondents), targeted attacks that result in the theft of high-value intellectual properties (89 percent of respondents) and reported wrongdoing by employees (83 percent of respondents).

Figure 5. What is considered a security incident
Targeted attack that results in the theft of customer data: 99%
Denial of service attack: 98%
Targeted attack that results in the theft of high-value intellectual properties: 89%
Reported wrongdoing by employee: 83%
Lost or stolen device: 75%
Reported wrongdoing by third party: 69%
Other: 1%

The majority of organizations use Mean Time to Identify (MTTI) and Mean Time to Contain (MTTC) metrics to determine the effectiveness of their organization's incident response process. Fifty-three percent of respondents use MTTI to measure the time it takes to detect that an incident has occurred. As shown in Figure 6, the findings reveal that the average time it takes to respond to an AT attack is almost 200 days. In contrast, the average MTTI for denial of services is approximately 39 days.

Fifty-eight percent of respondents say they use the MTTC metric to understand how good they are at containing an attack. Again, it takes longer to deal with an advanced threat. The average MTTC for ATs is approximately 39 days. In contrast, the average MTTC for denial of services is approximately 18 days.

Figure 6. The average time to detect and resolve an AT and DDoS
Extrapolated value (days)
Bars shown: MTTI for advanced threats, MTTI for denial of service, MTTC for advanced threats, MTTC for denial of service

Steps to improve the time to detect and contain an attack are similar. Thirty-two percent of respondents anticipate MTTC will improve in the next 12 months. To achieve this improvement, 57 percent are integrating threat intelligence into the incident response function and 49 percent of respondents are improving their triage process.

Only 29 percent of respondents anticipate that MTTI will improve in the next 12 months. To achieve this improvement, 60 percent of respondents are integrating threat intelligence into the incident response process and 50 percent are improving their triage process, as revealed in Figure 7.

Figure 7. Steps to improve MTTI & MTTC
More than one response permitted
Integrate threat intelligence into IR function: MTTI 60%, MTTC 57%
Improve triage process: MTTI 50%, MTTC 49%
Increase security operations staff: MTTI 41%, MTTC 41%
Implement new forensic security tools: MTTI 40%, MTTC 41%
Introduce hunting team to look for attacks: MTTI 33%, MTTC 35%
Other: MTTI 1%, MTTC 0%

Cyber Kill Chain and dealing with advanced threats

Cyber Kill Chain is a term familiar to a majority of respondents. Seventy-six percent of respondents understand the cyber kill chain, which refers to a life cycle approach that allows information security professionals to proactively remediate and mitigate advanced threats as part of the organization's intelligence-driven defense process. This process is organized into the following 7 phases:

1. Reconnaissance - Research, identification and selection of targets.
2. Weaponization - Coupling a remote access trojan with an exploit into a deliverable payload, typically by means of an automated tool (weaponizer).
3. Delivery - Transmission of the weapon to the targeted environment.
4. Exploitation - After the weapon is delivered to a victim's host, exploitation triggers the nefarious code.
5. Installation - Installation of a remote access trojan or backdoor on the victim's system, allowing the adversary to maintain persistence inside the environment.
6. Command & control (C2) - Typically, compromised hosts must beacon outbound to an Internet controller server to establish a C2 channel. Once the C2 channel is established, intruders have hands on the keyboard access inside the target environment.
7. Actions on objectives - After progressing through the first six phases, the intruders take actions to achieve their original objectives, such as data exfiltration.

Reconnaissance is the most difficult phase in which to stop or minimize ATs. The majority of respondents believe it is impossible, very difficult or difficult to deal with ATs in every phase of the kill chain. However, reconnaissance, or the research, identification and selection of targets, is the most challenging according to 87 percent of respondents (Figure 8). Installation of a remote access trojan or backdoor on the victim's system, allowing the adversary to maintain persistence inside the environment, is the next most difficult phase.

Figure 8. Ability to stop or minimize advance threats in each phase of the Cyber Kill Chain
Impossible, very difficult and difficult response combined
Phases shown: Reconnaissance (87%), Installation, Actions on Objectives, Exploitation, Weaponization, Delivery, Command & Control (C2)

How much money is allocated for each phase of the Cyber Kill Chain? As shown in Figure 9, while the reconnaissance phase is the most difficult in dealing with ATs, it is also the phase that receives the least amount of resources (2 percent of the total security resources). Twenty percent of total IT security resources are applied to the exploitation phase, in which exploitation triggers the nefarious code after the weapon is delivered to a victim's host. Nineteen percent is allocated to actions on objectives.

Figure 9. Percentage of total IT security resources for each cyber kill chain phase
Extrapolated value
Phases shown: Exploitation (20%), Actions on Objectives (19%), Installation, Command & Control (C2), Weaponization, Delivery, Reconnaissance (2%)

How capable are companies in stopping or minimizing ATs in each phase of the Cyber Kill Chain? As described above, the most difficult or impossible phase in which to stop ATs is the reconnaissance phase. As a result, only six percent of respondents rate their ability to stop or minimize ATs as high (7+ on a scale of 1 = lowest ability and 10 = the highest ability), as shown in Figure 10. In contrast, 70 percent of respondents say their ability is highest in the exploitation phase, which receives the most resources. However, 62 percent rate their ability as very high in the delivery phase, which does not receive as much of the available resources.

Figure 10. Ability to stop or minimize advanced threats in each phase
On a scale of 1 = lowest ability to 10 = highest ability, percentage of respondents who rated their ability 7+
Phases shown: Exploitation (70%), Delivery (62%), Installation, Command & Control (C2), Actions on Objectives, Weaponization, Reconnaissance (6%)

The most promising technology to stop ATs is intelligence about network traffic, according to 64 percent of respondents. As shown in Figure 11, 55 percent of respondents say technologies that secure information assets and that isolate or sandbox malware infections are effective. Considered the least effective in the Cyber Kill Chain are the technologies that simplify the reporting of threats and those that minimize insider threats (including negligence).

Figure 11. The most promising technologies to stop or minimize ATs
Three responses permitted
Technologies that provide intelligence about networks and traffic: 64%
Technologies that isolate or sandbox malware infections: 55%
Technologies that secure information assets: 55%
Technologies that secure the perimeter
Technologies that provide intelligence about attackers' motivation and weak spots
Technologies that secure endpoints including mobile-connected devices
Technologies that simplify the reporting of threats: 13%
Technologies that minimize insider threats (including negligence): 5%

Budget for advanced threats defense

Personnel and technologies receive the most budget. Respondents were asked to allocate 100 points to indicate the relative proportion of each area to the 2015 IT security budget for their organization. Thirty-seven points were allocated to in-house personnel followed by 34 points for technologies. This is followed by managed (third party) services (24 points) followed by cash outlays (4 points).

Figure 12. Allocation of resources to defend against ATs
Extrapolated value in days
In-house personnel: 37
Technologies: 34
Managed (third party) services: 24
Other cash outlays: 4

According to Table 1, the average total IT budget is approximately $81 million. Eight percent or approximately $6.5 million is allocated to IT security activities and investments. For those companies planning to use the cyber kill chain, approximately $1.4 million will be spent or 22 percent of the IT security budget.

Table 1. The average budget for IT, IT security and Cyber Kill Chain
Extrapolated value
2015 IT budget: $81,250,
IT security activities and investments (8 percent): $6,500,
Cyber Kill Chain Activities (22 percent of the IT security budget): $1,430,000

Industry differences: retail companies vs. financial services

This research was conducted in both the financial and retail industry sectors. In the retail sector, 675 IT and IT security practitioners participated. These findings are presented in a companion report, Advanced Threats in the Industry: A Study of North America & EMEA IT Security Practitioners. Industry differences emerged that reveal how much more effective financial services companies are in managing and reducing the impact of ATs and DDoS attacks.

Financial services are more confident in their ability to contain ATs and DDoS attacks. As shown in Figure 13, financial services are more confident than retail companies in containing both ATs and DDoS attacks. is more confident in containing ATs than DDoS attacks.

Figure 13. Effectiveness in containing ATs and DDoS attacks
On a scale of 1 = lowest ability to 10 = highest ability, percentage of respondents who rated their ability 7+
Categories shown: Effectiveness in containing ATs, Effectiveness in containing DDoS attacks
Legend: Financial services

Financial services are more likely to measure the time it takes to detect and contain an AT. As shown in Figure 14, more financial services companies use time-dependent metrics. Forty percent of retail companies are not using these metrics to determine their effectiveness in responding to incidents. If they do use these measures, they are most likely to measure the time it takes to contain an attack.

Figure 14. Time-dependent metrics used to determine incident response effectiveness
MTTI: Retail 53%, Financial services 62%
MTTC: Retail 58%, Financial services 66%
Other: Retail 5%, Financial services 5%
We don't utilize time-dependent operational metrics: Retail 40%, Financial services 28%

Financial services are faster to detect and contain an incident. It takes almost twice as long for retail companies to detect if an incident has occurred (196.5 days for retail companies vs for financial services), according to Figure 15. Financial services companies in this study are also faster to contain both ATs and DDoS attacks.

Figure 15. Time it takes to detect and contain an AT
Extrapolated value (days)
Categories shown: Average MTTI experienced for advanced threats, Average MTTI experienced for denial of service, Average MTTC experienced for advanced threats, Average MTTC experienced for denial of service
Legend: Financial services

Financial services are more optimistic they can reduce the time to detect and contain attacks. According to Figure 16, in the next 12 months respondents in financial services are far more optimistic that they will improve their ability to detect and contain incidents.

Figure 16. Will MTTI and MTTC improve in the next 12 months?
Yes response
Do you expect MTTI to decrease (improve) over the next 12 months? Retail 29%, Financial services 42%
Do you expect MTTC to decrease (improve) over the next 12 months? Retail 32%, Financial services 40%

Threat intelligence will be used to improve detection. To achieve a reduction in the time to detect an attack, both retail and financial services will integrate intelligence into the incident response time, as revealed in Figure 17. Financial services are more likely to hire security operations staff and introduce new forensic security tools.

Figure 17. Steps taken to reduce the time it takes to detect attacks
Categories shown: Integrate threat intelligence into IR function, Improve triage process, Increase security operations staff, Implement new forensic security tools, Introduce hunting team to look for attacks, Other
Legend: Financial services

Threat intelligence is the number one step to reduce the time to contain attacks. In general, financial services companies are more likely to take steps to reduce the time to contain attacks. According to Figure 18, 73 percent of respondents in financial services will integrate threat intelligence into the incident response function and 57 percent of respondents in retail companies say they will do so. Again, financial services are more likely to implement new forensic security tools and hire more staff.

Figure 18. Steps taken to reduce the time to contain attacks
Categories shown: Integrate threat intelligence into IR function, Improve triage process, Implement new forensic security tools, Increase security operations staff, Introduce hunting team to look for attacks, Other
Legend: Financial services

Part 3. Methods

The sampling frame is composed of 17,000 IT and IT security practitioners in North America and in 14 countries in EMEA who are familiar with their companies' defense against cybersecurity attacks and have responsibility in directing cybersecurity activities within their company. As shown in Table 2, 749 respondents completed the survey. Screening removed 74 surveys. The final sample was 675 surveys (or a 4.0 percent response rate).

Table 2. Sample response
Columns: Freq, Pct%
Rows: Total sampling frame, Total returns, Rejected or screened surveys, Final sample

Pie Chart 1 reports the current position or organizational level of the respondents. More than half of respondents (54 percent) reported their current position as supervisory or above.

Pie Chart 1. Current position or organizational level
Categories shown: Executive/VP, Director, Manager, Supervisor, Technician, Associate/staff, Other

Pie Chart 2 identifies the primary person the respondent or their supervisor reports to. Sixty percent of respondents report to the chief information officer and 16 percent report to the chief information security officer.

Pie Chart 2. The primary person you or your supervisor reports to
Categories shown: Chief Information Officer (60%), Chief Information Security Officer (16%), Chief Technology Officer, Compliance Officer, Chief Risk Officer, Business owner, Other

Pie Chart 3 reports the primary retail industry focus of respondents' organizations. This chart identifies conventional retailer (37 percent) as the largest segment, followed by internet retailer (34 percent) and a combination (19 percent).

Pie Chart 3. Primary retail industry focus
Categories shown: Conventional retailer (37%), Internet retailer (34%), Combination (19%), tech, Franchises, Other

According to Pie Chart 4, the majority of respondents (89 percent) are from organizations with a global headcount of 1,000 or more employees.

Pie Chart 4. Worldwide headcount of the organization
Categories shown: < to 1,000; 1,001 to 5,000; 5,001 to 25,000; 25,001 to 75,000; > 75,000

Part 4. Caveats

There are inherent limitations to survey research that need to be carefully considered before drawing inferences from findings. The following items are specific limitations that are germane to most web-based surveys.

- Non-response bias: The current findings are based on a sample of survey returns. We sent surveys to a representative sample of individuals, resulting in a large number of usable returned responses. Despite non-response tests, it is always possible that individuals who did not participate are substantially different in terms of underlying beliefs from those who completed the instrument.
- Sampling frame bias: The accuracy is based on contact information and the degree to which the list is representative of individuals who are IT or IT security practitioners located in various organizations in North America and EMEA. We also acknowledge that the results may be biased by external events such as media coverage. We also acknowledge bias caused by compensating subjects to complete this research within a specified time period.
- Self-reported results: The quality of survey research is based on the integrity of confidential responses received from subjects. While certain checks and balances can be incorporated into the survey process, there is always the possibility that a subject did not provide accurate responses.

Appendix: Detailed Survey Results

The following tables provide the frequency or percentage frequency of responses to all survey questions contained in this study. All survey responses were captured in February

Survey response
Sampling frame: 17,000
Total returns: 749
Rejected or screened surveys: 74
Final sample: Overall (n = 1519) North America (n = 808) and EMEA (n = 711): 675
Response rate: 4.0%

Screening Questions

S1. How familiar are you with your organization's defense against cyber security attacks?
Very familiar: 39%
Familiar: 28%
Somewhat familiar: 33%
No knowledge (Stop): 0%

S2. Do you have any responsibility in directing cyber security activities within your organization?
Yes, full responsibility: 27%
Yes, some responsibility: 57%
Yes, minimum responsibility: 16%
No responsibility (Stop): 0%

Part 1. Attributions: Please rate the following statements using the five-point scale provided below each item.

Q1a. My organization has security technologies and personnel that are effective in quickly detecting advance threats.
Strongly agree: 16%
Agree: 28%
Unsure: 26%
Disagree: 21%
Strongly disagree: 10%

Q1b. My organization has security technologies and personnel that are effective in quickly detecting denial of service attacks.
Strongly agree: 14%
Agree: 25%
Unsure: 30%
Disagree: 22%
Strongly disagree: 9%

Q1c. My organization has security technologies and personnel that are effective in containing advance threats.
Strongly agree: 13%
Agree: 25%
Unsure: 32%
Disagree: 21%
Strongly disagree: 9%

Q1d. My organization has security technologies and personnel that are effective in containing denial of service attacks.
Strongly agree: 15%
Agree: 24%
Unsure: 31%
Disagree: 19%
Strongly disagree: 11%

Q1e. The greatest threats to my organization are targeted advanced attacks.
Strongly agree: 27%
Agree: 35%
Unsure: 26%
Disagree: 6%
Strongly disagree: 7%

Q1f. The greatest threats to my organization are denial of service attacks.
Strongly agree: 25%
Agree: 28%
Unsure: 31%
Disagree: 10%
Strongly disagree: 6%

Part 2. Incident Experience

Q2. How many cyber attacks (see definition) has your organization experienced over the past 12 months?
None (skip to Q11): 6%
1 to 2: 6%
3 to 4: 12%
5 to 6: 22%
7 to 8: 16%
9 to 10: 19%
More than 10: 20%
Extrapolated value: 7.73

Q3. Do you consider any of the above attacks an advanced threat (AT)?
Yes: 74%
No (skip to Q7): 26%

Q4. How did you know that the attack was an AT?
Forensic evidence: 23%
Shared threat intelligence: 16%
Known signature of the attacker: 21%
Gut feel: 38%
Other (please specify): 2%

Q5. What steps did your organization take to minimize or contain the impact of the AT?
Implemented incident response procedures: 34%
Conducted specialized training for IT security team: 13%
Installed controls to prevent infiltration: 42%
Installed controls to quickly detect and block infiltration: 37%
Established threat sharing with other companies or government entities: 17%
Other (please specify): 1%
Total: 143%

Q6. Using the following 10-point scale from 1 = low to 10 = high, please rate your organization's effectiveness in containing ATs?
1 or 2: 11%
3 or 4: 12%
5 or 6: 33%
7 or 8: 33%
9 or 10: 11%
Extrapolated value: 5.94

Q7. Do you consider any of the cyber attacks (indicated in Q2) a denial of service (DDoS)?
Yes: 50%
No (skip to Q11): 50%

Q8. How did you know that the attack was a DDoS?
Forensic evidence informed by degradation of application or system performance: 31%
Shared threat intelligence by customer or partner due to lack of available internal resources: 28%
Known signature of the attacker: 17%
Gut feel: 24%
Other (please specify): 1%

Q9. What steps did your organization take to minimize or contain the impact of the DDoS attack?
Implemented incident response procedures: 33%
Conducted specialized training for IT security team: 12%
Installed controls to prevent infiltration: 41%
Installed controls to quickly detect and block infiltration: 38%
Established threat sharing with other companies or government entities: 13%
Other (please specify): 0%
Total: 138%

Q10. Using the following 10-point scale from 1 = low to 10 = high, please rate your organization's effectiveness in containing DDoS attacks?
1 or 2: 13%
3 or 4: 21%
5 or 6: 35%
7 or 8: 13%
9 or 10: 18%
Extrapolated value: 5.52

Q11. What is the full-time equivalent headcount of employees in your organization who are responsible for cyber security incident investigation, analysis and management?
Less than 5: 25%
5 to 10: 30%
11 to 15: 21%
16 to 20: 16%
21 to 25: 7%
26 to 30: 0%
More than 30: 0%
Extrapolated value

Q12. From the list below, please select all the events or issues that your organization would consider a security incident?
Lost or stolen device: 75%
Reported wrongdoing by employee: 83%
Reported wrongdoing by third party: 69%
Targeted attack that results in the theft of customer data: 99%
Targeted attack that results in the theft of high-value intellectual properties: 89%
Denial of service attack: 98%
Other (please specify): 1%
None of the above: 0%
Total: 514%

Q13. Approximately, how many security incidents are investigated by your organization's SecOps and/or CSIRT team each month?
Less than 10: 5%
10 to 25: 18%
26 to 50: 33%
51 to %
101 to %
251 to 500: 5%
More than 500: 1%
Extrapolated value

Q14. What organizational group or team is responsible for incident investigation, analysis and management?
Security operations team (SecOps): 48%
Cyber security incident response team (CSIRT): 37%
Both (shared responsibility): 11%
Other (please specify): 4%

Q15. What time-dependent metrics does your organization use to determine the effectiveness of your organization's incident response process?
MTTI: 53%
MTTC: 58%
Other (please specify): 5%
We don't utilize time-dependent operational metrics (skip to Q20): 40%

Q16. Approximately, what is an average MTTI experienced by your organization in recent incidents? Your best guess is welcome.

Q16a. For advanced threats:
Less than 30 minutes: 0%
31 to 60 minutes: 0%
1 to 4 hours: 0%
5 to 8 hours: 1%
1 to 2 days: 2%
3 to 7 days: 5%
1 to 4 weeks: 15%
1 to 3 months: 19%
4 to 6 months: 19%
7 to 12 months: 19%
1 to 2 years: 14%
More than two years: 6%
Extrapolated days

Q16b. For denial of services:
Less than 30 minutes: 3%
31 to 60 minutes: 6%
1 to 4 hours: 5%
5 to 8 hours: 16%
1 to 2 days: 16%
3 to 7 days: 17%
1 to 4 weeks: 15%
1 to 3 months: 9%
4 to 6 months: 8%
7 to 12 months: 5%
1 to 2 years: 1%
More than two years: 0%
Extrapolated days

Q17a. Do you expect MTTI to decrease (improve) over the next 12 months?
Yes: 29%
No: 71%

Q17b. If yes, in percentage terms, how much of a decrease in MTTI do you anticipate?
Less than 5%: 7%
5% to 10%: 33%
11% to 25%: 35%
26% to 50%: 17%
51% to 75%: 7%
76% to 100%: 0%
Extrapolated value: 20%

Q17c. If yes, what steps is your organization taking to reduce MTTI?
Increase security operations staff: 41%
Improve triage process: 50%
Introduce hunting team to look for attacks: 33%
Integrate threat intelligence into IR function: 60%
Implement new forensic security tools: 40%
Other (please specify): 1%
Total: 224%
Q18. Approximately, what is an average MTTC experienced by your organization in recent incidents? Your best guess is welcome.

Q18a. For advanced threats:
Less than 30 minutes: 2%
31 to 60 minutes: 5%
1 to 4 hours: 5%
5 to 8 hours: 11%
1 to 2 days: 17%
3 to 7 days: 14%
1 to 4 weeks: 20%
1 to 3 months: 14%
4 to 6 months: 10%
7 to 12 months: 3%
1 to 2 years: 0%
More than two years: 0%
Extrapolated value

Q18b. For denial of services:
Less than 30 minutes: 5%
31 to 60 minutes: 8%
1 to 4 hours: 9%
5 to 8 hours: 24%
1 to 2 days: 20%
3 to 7 days: 11%
1 to 4 weeks: 8%
1 to 3 months: 8%
4 to 6 months: 6%
7 to 12 months: 0%
1 to 2 years: 0%
More than two years: 0%
Extrapolated value

Q19a. Do you expect MTTC to decrease (improve) over the next 12 months?
Yes: 32%
No: 68%

Q19b. If yes, in percentage terms, how much of a decrease in MTTC do you anticipate?
Less than 5%: 23%
5% to 10%: 41%
11% to 25%: 25%
26% to 50%: 9%
51% to 75%: 2%
76% to 100%: 0%
Extrapolated value: 13%
Q19c. If yes, what steps is your organization taking to reduce MTTC?
Increase security operations staff: 41%
Improve triage process: 49%
Introduce hunting team to look for attacks: 35%
Integrate threat intelligence into IR function: 57%
Implement new forensic security tools: 41%
Other (please specify): 0%
Total: 222%

Part 3. Cyber Kill Chain

Q20. How familiar are you with the term Cyber Kill Chain?
Very familiar: 31%
Familiar: 29%
Not familiar: 16%
No knowledge (skip to Q29): 24%

Q21a. In your opinion, how difficult is it to stop or minimize advanced threats during the Reconnaissance phase of the kill chain?
Impossible: 31%
Very difficult: 29%
Difficult: 27%
Not difficult: 11%
Easy: 2%

Q21b. Approximately, what percent of your organization's total security resources will go to stopping or minimizing advanced threats during the Reconnaissance phase of the cyber kill chain?
0%: 64%
1% to 5%: 19%
6% to 10%: 13%
11% to 20%: 3%
21% to 30%: 1%
31% to 50%: 0%
51% to 75%: 0%
76% to 100%: 0%
Extrapolated value: 2%

Q21c. Using the 10-point scale, please rate your organization's ability to stop or minimize advanced threats during the Reconnaissance phase of the kill chain.
1 or 2 (low): 62%
3 or 4: 21%
5 or 6: 10%
7 or 8: 4%
9 or 10 (high): 2%
Extrapolated value: 2.76
Q22a. In your opinion, how difficult is it to stop or minimize advanced threats during the Weaponization phase of the kill chain?
Impossible: 12%
Very difficult: 32%
Difficult: 25%
Not difficult: 28%
Easy: 4%

Q22b. Approximately, what percent of your organization's total security resources will go to stopping or minimizing advanced threats during the Weaponization phase of the cyber kill chain?
0%: 4%
1% to 5%: 16%
6% to 10%: 26%
11% to 20%: 33%
21% to 30%: 14%
31% to 50%: 5%
51% to 75%: 1%
76% to 100%: 0%
Extrapolated value: 14%

Q22c. Using the 10-point scale, please rate your organization's ability to stop or minimize advanced threats during the Weaponization phase of the kill chain.
1 or 2 (low): 13%
3 or 4: 10%
5 or 6: 29%
7 or 8: 35%
9 or 10 (high): 12%
Extrapolated value: 6.00

Q23a. In your opinion, how difficult is it to stop or minimize advanced threats during the Delivery phase of the kill chain?
Impossible: 5%
Very difficult: 26%
Difficult: 37%
Not difficult: 30%
Easy: 3%
Q23b. Approximately, what percent of your organization's total security resources will go to stopping or minimizing advanced threats during the Delivery phase of the cyber kill chain?
0%: 4%
2% to 5%: 16%
6% to 10%: 26%
11% to 20%: 33%
21% to 30%: 12%
31% to 50%: 5%
51% to 75%: 1%
76% to 100%: 0%
Total: 98%
Extrapolated value: 14%

Q23c. Using the 10-point scale, please rate your organization's ability to stop or minimize advanced threats during the Delivery phase of the kill chain.
1 or 2 (low): 6%
3 or 4: 8%
5 or 6: 24%
7 or 8: 35%
9 or 10 (high): 27%
Extrapolated value: 6.92

Q24a. In your opinion, how difficult is it to stop or minimize advanced threats during the Exploitation phase of the kill chain?
Impossible: 8%
Very difficult: 30%
Difficult: 33%
Not difficult: 29%
Easy: 0%

Q24b. Approximately, what percent of your organization's total security resources will go to stopping or minimizing advanced threats during the Exploitation phase of the cyber kill chain?
0%: 0%
1% to 5%: 7%
6% to 10%: 12%
11% to 20%: 34%
21% to 30%: 33%
31% to 50%: 12%
51% to 75%: 1%
76% to 100%: 0%
Extrapolated value: 20%
Q24c. Using the 10-point scale, please rate your organization's ability to stop or minimize advanced threats during the Exploitation phase of the kill chain.
1 or 2 (low): 1%
3 or 4: 6%
5 or 6: 22%
7 or 8: 34%
9 or 10 (high): 36%
Extrapolated value: 7.44

Q25a. In your opinion, how difficult is it to stop or minimize advanced threats during the Installation phase of the kill chain?
Impossible: 10%
Very difficult: 34%
Difficult: 35%
Not difficult: 18%
Easy: 2%

Q25b. Approximately, what percent of your organization's total security resources will go to stopping or minimizing advanced threats during the Installation phase of the cyber kill chain?
0%: 5%
1% to 5%: 23%
6% to 10%: 15%
11% to 20%: 24%
21% to 30%: 22%
31% to 50%: 11%
51% to 75%: 1%
76% to 100%: 0%
Extrapolated value: 16%

Q25c. Using the 10-point scale, please rate your organization's ability to stop or minimize advanced threats during the Installation phase of the kill chain.
1 or 2 (low): 3%
3 or 4: 11%
5 or 6: 28%
7 or 8: 40%
9 or 10 (high): 18%
Extrapolated value: 6.68

Q26a. In your opinion, how difficult is it to stop or minimize advanced threats during the Command & Control (C2) phase of the kill chain?
Impossible: 1%
Very difficult: 25%
Difficult: 41%
Not difficult: 33%
Easy: 1%
Q26b. Approximately, what percent of your organization's total security resources will go to stopping or minimizing advanced threats during the Command & Control (C2) phase of the cyber kill chain?
0%: 0%
1% to 5%: 18%
6% to 10%: 34%
11% to 20%: 21%
21% to 30%: 17%
31% to 50%: 9%
51% to 75%: 1%
76% to 100%: 0%
Extrapolated value: 15%

Q26c. Using the 10-point scale, please rate your organization's ability to stop or minimize advanced threats during the Command & Control (C2) phase of the kill chain.
1 or 2 (low): 3%
3 or 4: 11%
5 or 6: 28%
7 or 8: 40%
9 or 10 (high): 18%
Extrapolated value: 6.68

Q27a. In your opinion, how difficult is it to stop or minimize advanced threats during the Actions on Objectives phase of the kill chain?
Impossible: 0%
Very difficult: 36%
Difficult: 41%
Not difficult: 22%
Easy: 1%

Q27b. Approximately, what percent of your organization's total security resources will go to stopping or minimizing advanced threats during the Actions on Objectives phase of the cyber kill chain?
0%: 0%
1% to 5%: 10%
6% to 10%: 18%
11% to 20%: 32%
21% to 30%: 27%
31% to 50%: 11%
51% to 75%: 1%
76% to 100%: 0%
Extrapolated value: 19%
Q27c. Using the 10-point scale, please rate your organization's ability to stop or minimize advanced threats during the Actions on Objectives phase of the kill chain.
1 or 2 (low): 6%
3 or 4: 12%
5 or 6: 31%
7 or 8: 38%
9 or 10 (high): 13%
Extrapolated value: 6.29

Q28. What are the most promising technologies for stopping or minimizing advanced threats during the seven phases of the kill chain? Please choose only your top three choices.
Technologies that secure the perimeter: 42%
Technologies that provide intelligence about networks and traffic: 64%
Technologies that provide intelligence about attackers' motivation and weak spots: 40%
Technologies that simplify the reporting of threats: 13%
Technologies that secure endpoints including mobile-connected devices: 26%
Technologies that minimize insider threats (including negligence): 5%
Technologies that secure information assets: 55%
Technologies that isolate or sandbox malware infections: 55%
Total: 300%

Part 4. Budget Questions

Q29. Approximately, what is the dollar range that best describes your organization's IT budget for 2015?
< $1 million: 0%
$1 to 5 million: 5%
$6 to $10 million: 14%
$11 to $50 million: 24%
$51 to $100 million: 34%
$101 to $250 million: 19%
$251 to $500 million: 3%
> $500 million: 1%
Extrapolated value ($millions)

Q30. Approximately, what percentage of the 2015 IT budget will go to IT security activities and investments?
0%: 0%
1% to 5%: 50%
6% to 10%: 20%
11% to 20%: 27%
21% to 30%: 3%
31% to 50%: 0%
51% to 75%: 0%
76% to 100%: 0%
Extrapolated value: 8%
Q31. Approximately, what percentage of the 2015 IT security budget will go to kill chain-related activities?
0%: 10%
1% to 5%: 7%
6% to 10%: 9%
11% to 20%: 27%
21% to 30%: 25%
31% to 50%: 14%
51% to 75%: 6%
76% to 100%: 1%
Extrapolated value: 22%

Q32. The following table contains 4 budget or spending areas. Please allocate points to indicate the relative proportion of each area to the 2015 IT security budget for your organization. Note that the sum of your allocation must equal 100 points.
Technologies: 34
In-house personnel: 37
Managed (third party) services: 24
Other cash outlays: 4
Total: 100

Part 5. Role & Organizational Characteristics

D1. What best describes your position or organizational level?
Executive/VP: 3%
Director: 16%
Manager: 19%
Supervisor: 16%
Technician: 36%
Associate/staff: 7%
Consultant/contractor: 2%
Other (please specify): 1%

D2. Check the primary person you or your supervisor reports to within your organization.
Business owner: 2%
CEO/President: 1%
Chief Financial Officer: 0%
Chief Information Officer: 60%
Compliance Officer: 8%
Chief Privacy Officer: 0%
Director of Internal Audit: 0%
General Counsel: 0%
Chief Technology Officer: 8%
Human Resources VP: 0%
Chief Information Security Officer: 16%
Chief Risk Officer: 4%
Other (please specify): 1%
D3 (retail). What best describes your company's primary retail industry focus?
Conventional retailer (stores): 37%
Franchises: 3%
Internet retailer (websites): 34%
Combination: 19%
tech 6%
Other (please specify): 1%

D3 (financial services). What best describes your company's primary FS industry focus?
Banking: 0%
Investment management: 0%
Brokerage: 0%
Insurance: 0%
Payments: 0%
Financial tech: 0%
General services: 0%
Other (please specify): 0%
Total 0% 0%

D4. What is the worldwide headcount of your organization?
< 500: 5%
500 to 1,000: 6%
1,001 to 5,000: 13%
5,001 to 25,000: 37%
25,001 to 75,000: 20%
> 75,000: 20%

Ponemon Institute
Advancing Responsible Information Management

Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. Our mission is to conduct high quality, empirical studies on critical issues affecting the management and security of sensitive information about people and organizations.

As a member of the Council of American Survey Research Organizations (CASRO), we uphold strict data confidentiality, privacy and ethical research standards. We do not collect any personally identifiable information from individuals (or company identifiable information in our business research). Furthermore, we have strict quality standards to ensure that subjects are not asked extraneous, irrelevant or improper questions.
More informationThe Aftermath of a Data Breach: Consumer Sentiment
The Aftermath of a Data Breach: Consumer Sentiment Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2014 Ponemon Institute Research
More informationEncryption in the Cloud
Encryption in the Cloud Who is responsible for data protection in the cloud? Sponsored by Thales e-security Independently conducted by Ponemon Institute LLC Publication Date: July 2012 Ponemon Institute
More informationPrivacy and Security in a Connected Life: A Study of US, European and Japanese Consumers
Privacy and Security in a Connected Life: A Study of US, European and Japanese Consumers Sponsored by Trend Micro Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute
More informationIBM QRadar Security Intelligence: Evidence of Value
IBM QRadar Security Intelligence: Evidence of Value Independently conducted by Ponemon Institute LLC February 2014 Ponemon Institute Research Report Background IBM QRadar: Evidence of Value Ponemon Institute:
More information2014 Cost of Data Breach Study: Global Analysis
2014 Cost of Data Breach Study: Global Analysis Benchmark research sponsored by IBM Independently conducted by Ponemon Institute LLC May 2014 Ponemon Institute Research Report Part 1. Introduction 2014
More information2015 State of the Endpoint Report: User-Centric Risk
2015 State of the Endpoint Report: User-Centric Risk Sponsored by Lumension Independently conducted by Ponemon Institute LLC Publication Date: January 2015 Ponemon Institute Research Report 2015 State
More informationThe TCO for Full Disk Encryption Studies in the US, UK, Germany & Japan
The TCO for Full Disk Encryption Studies in the US, UK, Germany & Japan Sponsored by WinMagic Independently conducted by Ponemon Institute LLC Publication Date: July 2012 Ponemon Institute Research Report
More informationSurvey on the Governance of Unstructured Data. Independently Conducted and Published by Ponemon Institute LLC. Sponsored by Varonis Systems, Inc.
Survey on the Governance of Unstructured Data Independently Conducted and Published by Ponemon Institute LLC Sponsored by Varonis Systems, Inc. June 30, 2008 Please Do Not Quote Without Express Permission.
More informationThe Human Factor in Data Protection
The Human Factor in Data Protection Sponsored by Trend Micro Independently conducted by Ponemon Institute LLC Publication Date: January 2012 Ponemon Institute Research Report The Human Factor in Data Protection
More informationSecond Annual Benchmark Study on Patient Privacy & Data Security
Second Annual Benchmark Study on Patient Privacy & Data Security Sponsored by ID Experts Independently conducted by Ponemon Institute LLC Publication Date: December 2011 Ponemon Institute Research Report
More informationThe Billion Dollar Lost Laptop Problem Benchmark study of U.S. organizations
The Billion Dollar Lost Laptop Problem Benchmark study of U.S. organizations Independently conducted by Ponemon Institute LLC Publication Date: 30 September 2010 Ponemon Institute Research Report Part
More information2013 Study on Data Center Outages
2013 Study on Data Center Outages Independently conducted by Ponemon Institute LLC Publication Date: September 2013 2013 Study on Data Center Outages Ponemon Institute, September 2013 Part 1. Introduction
More informationThird Annual Survey on Medical Identity Theft
Third Annual Survey on Medical Identity Theft Sponsored by Experian s ProtectMyID Independently conducted by Ponemon Institute LLC Publication Date: June 2012 Ponemon Institute Research Report Part 1:
More informationGlobal Study on the State of Payment Data Security
Global Study on the State of Payment Data Security 3 Introduction We are pleased to present the findings of The Global Study on the State of Payment Data Security Study conducted on behalf of Gemalto by
More informationData Loss Risks During Downsizing As Employees Exit, so does Corporate Data
Data Loss Risks During Downsizing As Employees Exit, so does Corporate Data Independently conducted by Ponemon Institute LLC Publication Date: February 23, 2009 Sponsored by Symantec Corporation Ponemon
More information2015 Cost of Data Breach Study: Global Analysis
2015 Cost of Data Breach Study: Global Analysis Benchmark research sponsored by IBM Independently conducted by Ponemon Institute LLC May 2015 Ponemon Institute Research Report Part 1. Introduction 2015
More informationThe End Endorsed Devices pose a Large Security Risk to Your Organization
2013 State of the Endpoint Sponsored by Lumension Independently conducted by Ponemon Institute LLC Publication Date: December 2012 Ponemon Institute Research Report 2013 State of the Endpoint Ponemon Institute:
More informationSecurity of Cloud Computing Users A Study of Practitioners in the US & Europe
Security of Cloud Computing Users A Study of Practitioners in the US & Europe Sponsored by CA Independently conducted by Ponemon Institute LLC Publication Date: 12 May 2010 Ponemon Institute Research Report
More informationReputation Impact of a Data Breach Executive Summary
Reputation Impact of a Data Breach Executive Summary Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: October 2011 Ponemon Institute Research
More information