More than half of set of surveyed senior IT security professionals said that they were unsure whether their IT staff could detect the presence of an attacker who was attempting to breach their network or extract private data.
According to a survey of nearly 200 professionals by Lieberman Software, 52 per cent said that they were “not confident” that that their IT staff could detect the presence of an attacker who was attempting to breach their network or extract private data. Also, 63 per cent of respondents believed that a state-sponsored hacker would attempt to breach their organisation in the next six months and in order to try and combat that, 90 per cent had made efforts to protect themselves.
The survey also found that 90 per cent had given their users some training to protect against advanced persistent threats (APTs), while the same number had also added new security appliances and 89 per cent had carried out endpoint testing to protect against APTs. Also, 81 per cent of respondents’ organisations carry out pen testing to protect against APTs.
In previously research on the same group, Lieberman found that 74 per cent of respondents were not confident that their own corporate network has not already been breached by a foreign state-sponsored hacker, and 58 per cent believed that they were losing the battle against state-sponsored attacks.
Philip Lieberman, president and CEO of Lieberman Software, said: “The threat of state-sponsored attacks is extremely serious for government and commercial entities. The majority of organisations are prepared for amateur hackers and low-level criminals, but are completely ill-equipped to deal with today’s advanced nation-state foes.
“Many state-sponsored attackers can now create perfect email attacks that insert remote control software onto corporate networks. Most corporations and government agencies would benefit from better security training, documented security processes, and enterprise-level products that can manage and secure powerful privileged accounts that grant access to critical IT assets.”
He also welcomed the research acknowledging what a challenge APTs were, and said that the fact that businesses are willing to do something about it proves that this is no smokescreen.
“As our survey found, almost 90 per cent of the senior IT security professionals we spoke to at Black Hat had invested in penetration testing services or education of users and it is good to see such a high number making preparations for the worst eventuality,” he said.
“What was also striking was that more than a third felt that their current IT infrastructure was insufficient in the face of a heavy-set attack, yet not all of the respondents were prepared to do something about it. I wonder if they feel that sitting tight and hoping for the best is efficient and sufficient protection.”