66 percent of large organisations not aware of any recent security incidents

Company argues that most of these organisations have likely experienced a breach.

Monday, 17th June 2013, by Phil Alsop

A recent survey conducted by Lancope, a leader in network visibility and security intelligence, revealed that over two thirds (66%) of large organisations said they either had not experienced a security incident in the last 12-18 months or were unsure if they had. Commenting on this finding, Tom Cross, Lancope’s director of security research, says that it’s very unlikely that none of these organisations experienced incidents during that time frame: “Any system you connect to the Internet is going to be targeted by attackers very quickly thereafter. I would assert that if you’re unsure whether or not your organisation has had a security incident, the chances are very high that the answer is yes – and this is a significant problem.”


With the constant barrage of external scanning, phishing attacks and malware being served up by websites, not to mention sophisticated, targeted attacks and insider threats, large companies face a constant security challenge. “Any organisation needs to know whether or not they’ve been subject to a security breach, and if companies believe they have not, the question may be are they really aware of everything that is happening on their networks?” Cross adds.


The respondents to Lancope’s survey indicated that the most common incidents they were aware of were malware (18%) and DDoS (16%), with insider attacks coming in at 12%. “DDoS will break your infrastructure, which hopefully an organisation would know about pretty quickly. Similarly, malware is relatively easy to detect as your antivirus software will often find it on your network. Insider attacks are much less common in terms of total incident count compared to those launched by outsiders, but, on rare occasions, they can result in millions of dollars in losses,” Cross explains.

While 25% of respondents said that reputational damage was the worst impact that a security incident had on their organisation, 21% said they had suffered a financial loss and 13% had lost intellectual property. Interestingly, 38% of people said that they had seen no impact at all. Any security incident has some sort of impact on a company, be it having to clean up an infection or address whatever security issues led to it in the first place. Cost will hopefully be contained if an organisation has a good incident management program in place and can quickly identify which systems have been compromised. The average cost to a large organisation for its worst security breach in 2013 was £450,000 to £850,000.


With businesses constantly being pressured into allowing new technology within their enterprise, as well as making it functional and somehow fitting it into the mould of existing infrastructure, it’s unsurprising that over 50% of companies felt that mobile devices/BYOD were the greatest security risk to their company. There’s a real need to be able to monitor these devices properly, understand their behaviour and detect if they have been infected. However, it is hard to install software on endpoints and enforce policy. One way to address this problem is to look at these devices from the network side. With better visibility into activity on the internal network, it is possible to identify infected devices, understand what they are doing in the environment and obtain an audit trail of network and host activity without having to install software agents on the devices themselves.


At 32%, the risk of insider threats is also a worry to large organisations, as is a lack of network visibility (28%). Most organisations have strong perimeter defences, designed to protect their networks against external attackers, but insufficient information to see what is happening within their network. By collecting audit trails of activity occurring within the internal network, organisations can gain a sense of control as to what is happening within their environment, enabling them to investigate potential insider incidents and be confident that they have effectively mitigated any risk. Other risks organisations were worried about were APTs (18%) and poor change management or operational controls (21%).