Finance and retail organisations rate advanced cyber threats as the most serious challenge, yet both sectors struggle to identify attacks inside their networks, a study has revealed.
Identifying attacks in progress takes financial services firms up to 98 days, while retailers take up to 197 days, according to the Ponemon Institute study sponsored by Arbor Networks.
The study also revealed that 58% of financial services firms and 71% of retailers said they are not optimistic about their ability to improve these results in the coming year.
The study said this is alarming considering the number of attacks targeting these sectors, with 83% of finance firms and 44% of retailers experiencing more than 50 cyber attacks a month.
“The big takeaway from our research is that more investment is needed in both security operations staff and in security tools, which can help companies efficiently and accurately detect and respond to security incidents,” said Ponemon Institute chairman and founder Larry Ponemon.
“The time to detect an advanced threat is far too long; attackers are getting in and staying long enough that the damage caused is often irreparable,” he added.
Arbor Networks president Matthew Moynahan said organisations need to find a better balance between technology systems, usability, workflow and the people who use them.
“As security vendors, we need to help our customers so they can adapt to this new cyber security reality that balances the threats with the people who fight them every day,” he said.
The Ponemon Institute surveyed financial services firms and retailers in North America, Europe, the Middle East and Africa.
Greater investment needed
Key findings in the financial services sector included that 71% of organisations polled view technologies that provide intelligence about networks and traffic as most promising at stopping or minimising advanced threats during all phases of an attack.
But the study showed that only 45% have implemented incident response procedures, and only 43% have established threat-sharing agreements with other companies or government groups.
More than half of financial services firms consider distributed denial-of-service (DDoS) attacks as an advanced threat, but only 48% say they are effective in containing DDoS attacks, and only 45% have established threat-sharing agreements to minimise or contain the impact of DDoS attacks.
Read more about retail sector security
On average, 40% of financial services firms’ IT budgets are allocated to technology; 37% to staffing and 20% to managed services.
Among retailers, 64% view technologies that provide intelligence about networks and traffic as most promising at stopping or minimising advance threats, but only 34% have implemented incident response procedures, and only 17% have threat-sharing agreements in place.
Half of retail organisations polled consider DDoS attacks as an advanced threat, but only 39% say they are effective in containing DDoS attacks, and only 13% have threat-sharing agreements to minimise or contain the impact of DDoS attacks
Among retailers, 34% of the IT budget is allocated to technology; 27% to Staffing and 34% to managed services.
“Although traditionally banks and retailers have extremely good security posture, due to the amount of customer data they hold, it is clear that security is still a serious problem for these organisations,” said Fujitsu enterprise and cyber security solutions architect in the UK and Ireland, Rob Lay.
“Businesses need to feel confident in their security and should put greater investment into tools to help combat these advancing threats and provide better visibility – rather than allowing them to dwell inside the network,” he said.
According to Lay, multi-layered security to help combat both volumetric and stealthy attacks, alongside better cyber hygiene, will go a long way in cutting down advanced threats in their path.
“This also shows that businesses need a well-defined incident response process in place so that as soon as any breach or incident is detected, it can be quickly and effectively resolved so that there is as little ongoing disruption to the business as possible,” he said.
Read more about financial sector security
The best way to mitigate risk is to assume that an attack is already occurring, said Cisco's director of cyber security in the UK and Ireland, Terry Greer-King.
“This requires adopting an approach to security that addresses the entire attack continuum – before, during and after,” he said.
Recent research from Cisco revealed that companies with a low level of security sophistication are characterised by unpredictable, ad-hoc and often reactive security processes.
“In striving to mitigate external threats and reduce dwell time, companies must invest in a holistic approach to security. This starts with the executive leadership team prioritising security as a business risk,” said Greer-King.
Cisco’s Annual Security Report revealed that 91% of organisations with sophisticated security processes believe their company’s executives consider security as a high priority.
“While deploying and continually optimising security policies and procedures is undeniably essential, it is equally important to ensure they are well documented, and clearly understood by each employee and every user,” said Greer-King.
“In doing so, employees themselves will be educated and motivated to adhere to the organisation’s security processes and accept responsibility on the individual level.
“Considering Cisco research exposes employee behaviour as the second-greatest risk to organisational security, following cyber crime, this is absolutely critical,” he added.