Threat Management Survey GLOBAL FINDINGS

Transcription

1 2011 Threat Management Survey GLOBAL FINDINGS

2

3 CONTENTS Introduction... 4 Methodology... 6 Finding 1: Enterprises lack confidence in their security posture... 8 Finding 2: Organizations struggling with timely analysis and response Finding 3: Top concerns are security intelligence and visibility Finding 4: Staffing problems top the list of issues impacting threat monitoring and response Key Recommendations Threat Management Survey 3

4 Introduction Nothing has the full attention of IT today like the need for security. Cybercrime is becoming simpler and more lucrative, encouraging more criminals to participate, and threats of all kinds are on the rise. Combined with the expanding list of initiatives, such as cloud computing, and the need to support mobile devices, IT s resources are being stretched thin. To see how they are responding to emerging threats, Symantec commissioned a survey of enterprises worldwide. The survey revealed that enterprises lack confidence in their security preparations. A majority do not feel well prepared to respond quickly to new and emerging threats. They simply don t have enough time or manpower to keep on top of emerging issues. Organizations are also concerned that they lack the ability to quickly analyze threats as they occur and respond effectively. Those that have sufficient staff, however, were much better prepared to deal with security issues. Security intelligence is another big issue for administrators, according to the majority of respondents. Up-to-date information is crucial in order to counter attacks and minimize damage from threats. No less important is the need for adequate visibility into the IT infrastructure, making accurate analysis possible. Staffing problems, however, lie at the heart of the threat management issue. Organizations with insufficient staff nearly half of them worldwide are unable to quickly mitigate threats and keep their infrastructure secure. And, making matters even more challenging, 9 out of 10 IT staffers are less than completely effective. For more information about any of the contents of this report, please contact your Symantec representative or visit 4 Threat Management Survey

5 Threat Management Survey 5

6 Methodology Symantec Commissioned Applied Research to field the Threat Management Survey in June of They contacted a total of 1,025 global enterprises with a minimum of 1,000 employees, across a variety of industries. Respondents were tactical IT, strategic IT and C-level professionals. The poll has a reliability of 95% confidence with +/- 3.1% margin of error. 6 Threat Management Survey

7 How many employees does your organization have worldwide? How many employees does your organization have worldwide? 1,000 to 2,499 33% 2,500 to 4,999 33% 5,000 or more 34% 0% 5% 10% 15% 20% 25% 30% 35% 40% Threat Management Survey 7

8 Finding 1 Enterprises lack confidence in their security posture As cybercriminals continue targeted attacks against enterprises, IT finds itself facing a continuous stream of security threats. The poll revealed that more than half (57 percent) lack confidence in their IT security staff s ability to respond to new and emerging threats. What is it that is causing this shaken confidence? There are several factors uncovered by the poll, one of which is insufficient security staff. A related issue identified by the poll is simply a lack of time. Nearly half (45 percent) reported that their staff has insufficient time to quickly and effectively deal with threats. Those who reported adequate manpower, on the other hand, were less likely to report a lack of confidence in their security. Security Confidence 8 Threat Management Survey

9 How confident are you that your IT security staff can handle new security threats in a timely and effective manner? How confident are you that your IT security staff can handle new security threats in a timely and effective manner? Very confident 19% Somewhat confident 25% Neutral 19% Somewhat concerned 18% Very concerned 20% 0% 5% 10% 15% 20% 25% 30% Top three factors keeping you from being able to handle new security threats in a timely and effective manner Top three factors keeping you from being able to handle new security threats in a timely and effective manner No access to latest information about new threats, vulnerabilities, etc. 36% Security staff lacks necessary experience/skill sets 39% Trouble responding to security incidents in a timely/effective manner 43% Staff doesn't have enough time 45% Trouble correlating/analyzing security alerts as they are happening 45% Not enough visibility into security across entire infrastructure 45% Insufficient security staff 46% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% 45% 57% lack confidence in 46% indicated they have said they don t have ability to respond insufficient security time to handle new to new threats staff numbers security threats Threat Management Survey 9

10 Finding 2 Organizations struggling with timely analysis and response Among the many security challenges IT faces, which are rising to the top right now? It all boils down to two things they have been struggling with: quickly analyzing and understanding attacks in real time and then responding to those threats. The reason behind this, according to businesses surveyed, largely goes back to the staffing issues. Those organizations that are adequately staffed were less likely to report difficulties in analysis and response, by a margin of 9 to 14 percentage points. Simply having enough people means they can take the time to maintain crucial systems while dealing with threats as they come. The next question, then, is what lies behind the lack of staffing? When asked, 46 percent of respondents attributed the problem to recruiting challenges. While there may be plenty of job applicants, that doesn t mean that the applicants will have every skill their employers desire. Regardless of the number of staff members, more than a third stated that their security team lacks experience or the proper skill set to be completely effective. 10 Threat Management Survey

11 How would you characterize your security staffing levels at the current time? How would you characterize your security staffing levels at the current time? We are extremely overstaffed 4% We are somewhat overstaffed 11% We have just enough security staff 41% We are somewhat understaffed 32% We are extremely understaffed 11% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 0 What is keeping you from rating your security staffing as completely effective? Rank the following areas of cyber security staffing in terms of difficulty for your organization. What is keeping you from rating your security staffing as "completely effective?" Rank the following areas of cyber security staffing in terms of difficulty for your organization. (Average Ranks) Recruiting Retention Skill sets Experience Staff retirement Awareness Threat Management Survey 11

12 Finding 3 Top concerns are security intelligence and visibility IT administrators certainly have a lot on their plate. Between responding to moment-to-moment problems and trying to prepare for future needs, their resources are stretched thin. At the top of the list of IT concerns is the need for threat intelligence, according to two-thirds (68 percent) of respondents. Maintaining current, accurate intelligence forms the basis of an effective response plan. In addition, 49 percent of the professionals surveyed ranked visibility as one of their top two concerns. Due to the complexity of today s IT infrastructure, often combining physical and virtual elements, administrators recognize the potential for unmonitored holes in security. Despite the best efforts of IT, security events do happen. Nearly half (45 percent) of businesses indicated concern about properly correlating and analyzing attacks when they become aware of them. Top Security Concerns 12 Threat Management Survey

13 100% What aspect of security concerns you most? What aspect of security concerns you most? 90% 24% 17% 18% 80% 41% 70% 60% 50% 40% 27% 25% 28% 28% 28% 20% 25% % 20% 10% 0% 19% 38% 23% 27% 13% Security intelligence Security visibility Attack analysis Security response 68% say cutting edge Threat Intelligence has major impact on security posture 49% Visibility - evolution of new devices and applications create new openings possible to compromise Threat Management Survey 13

14 Finding 4 Staffing problems top the list of issues impacting threat monitoring and response Staffing problems top the list of issues impacting threat monitoring and response. It s hard to overstate the effect that inadequate staffing can have on an organization, and the survey highlights just how important it is. First, nearly half of organizations are understaffed, particularly among North American businesses. This insufficient security staff was cited by 46 percent of respondents as one of the top factors keeping them from being able to quickly and efficiently deal with new security threats. Not only are IT organizations reporting insufficient staff, but many of the people they do have are not effective. In fact, 66 percent of respondents who lack confidence in their ability to handle new security threats rated their staff as less than effective. Only four percent of those who lack confidence rated their staff as completely effective. Added to this is the problem that even if they can find the right staff, keeping them is also an issue. Retention ranked among the top two reasons, according to 42 percent of respondents. New Hires EXIT Staffing Issues 14 Threat Management Survey

15 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% What is keeping you from rating your security staffing as completely What is keeping effective? you from Rank rating the your following security areas staffing of cyber as security "completely staffing effective?" in terms of Rank difficulty the following for your areas organization. of cyber security staffing in terms of difficulty for your organization. 6% 19% 17% 16% 14% 10% 29% 14% 18% 18% 20% 23% 17% 16% 13% 18% 16% 15% 14% 18% 16% 18% 21% 15% 19% 15% 22% 12% 17% 15% 27% 29% 10% 9% 11% 15% Recruiting Retention Skill sets Experience Staff retirement Awareness % 42% said retention is one of are experiencing top problems whether challenges recruiting fully staffed or not 66% 39% said security staff is lacking rate their staff as necessary experience and less than effective skill sets Threat Management Survey 15

16 Key Recommendations Based on these findings, it s apparent that there are several serious security flaws in enterprises around the world. In order to mitigate these potential problems, Symantec has created the following recommendations to assist businesses of all sizes as they struggle with keeping data and resources safe in today s era of constant security threats. Build a comprehensive incident management program. Plan for all aspects of your incident management program, including technology, people and processes. In particular, be sure to consider the staffing requirements to maintain an effective program. Be vigilant about the changing threat landscape. With the accelerating rate of change in the external threat environment, many enterprises need to increase their attention on the latest developments to keep pace. Broaden the visibility across your infrastructure. Enterprise infrastructure is constantly evolving and new infrastructure trends, such as mobility, virtualization and cloud-based solutions, can open up new avenues for attacks. Maintain edge-to-endpoint visibility across your infrastructure to mitigate these new risks to protect information and identities. Evaluate systems for managing security information and alerts. The rising volume of security information and alerts is straining some organizations. These organizations should evaluate the technology, processes and staffing that are in place to storing, analyzing and acting on this data. 16 Threat Management Survey

17 Threat Management Survey 17