lolloj - Fotolia

Nation-state cyber attacks could target most organisations, survey shows

Only 47% of respondents to a security conference survey said confidence in their organisations’ ability to detect and respond to a cyber attack had risen in the past 12 months

Nearly two-thirds of organisations are potential targets for nation-state cyber attacks, according to a survey of more than 200 attendees of the Black Hat USA 2015 security conference in Las Vegas.

Some 86% of respondents of the survey conducted by security firm Tripwire said targeted attacks on their networks had either remained constant or increased in the past year.

While 43% of those polled said targeted attacks had increased by more than 20% to 40%, one-fifth said attacks had increased by at least 40% or more.

There has also been a significant increase in the number of successful cyber attacks in the past year, according to 41% of those polled.

Only 47% of the respondents said confidence in their organisations’ ability to detect and respond to a cyber attack had risen in the past 12 months, while 33% said confidence was unchanged, and 17% said confidence had decreased.

More than half also said they do not have the visibility necessary for accurate tracking of all the threats targeting their networks, with 38% saying they were unable to accurately track all threats because there are just too many.

In July 2015, a Ponemon Institute study showed that enterprises in Europe, the Middle East and Africa are spending 272 hours a week or nearly £516,000 a year on average dealing with false positive cyber security alerts.

Organisations are dealing with nearly 10,000 malware alerts a week, but only 22% are considered reliable and only 3.5% are deemed worthy of further investigation, the study revealed.

Many security industry experts believe that because successful cyber attacks have become inevitable, organisations should ensure that at least some of their security budgets is dedicated to building the capability to detect and respond to cyber intrusions, and not just to blocking attacks at the network perimeter. 

Read more about nation-state attacks

“Organisations know they are being actively targeted and that their current capabilities aren’t enough to consistently detect and defend against these attacks,” said Tim Erlin, director of IT security and risk strategy for Tripwire.

“While new defensive technologies are constantly being developed organisations are hard-pressed to deploy these new tools effectively,” he added.

According to Erlin, many organisations would do well to evaluate their investment in foundational security controls. “Although these controls are not new, they are the backbone of effective breach detection and response,” he said.

Read more on Hackers and cybercrime prevention