Lockheed report: Most ill-prepared for cyberattacks

A recent report by Lockheed Martin and Ponemon Institute shows that organizations are largely not prepared to deal with cyber attacks.

Called "Intelligence Driven Cyber Defense," the report breaks down where respondents believe cyber threats are coming from, why their organizations are ill-equipped to deal with them and what they need to correct the problem.

Forty-three percent of respondents said that their security posture for combating attacks remains the same as it has been for years. Meanwhile, 75 percent of respondents said cyber attacks are becoming more severe and 68 percent said that attacks are becoming more frequent.

As for what the actual threats are, 37 percent said that the biggest threat is a malicious insider. Criminal syndicates are next in line, backed by 26 percent of respondents. Lesser reported threats are state-sponsored attackers (19 percent) and hacktivists (15 percent).

Of all of the damage that a cyber attack can cause, loss of intellectual property, including trade secrets, was ranked as the most negative consequence, with respondents rating it an average of 9.2 out of 10 in terms of severity. Following close behind are reputation damage (8.6/10), disruption of business process (8/10), productivity decline (7.2/10) and damage to critical infrastructure (6.8/10).

The main reason why organizations are not able to effectively defend against cyber attacks is because of the difficulty to disseminate threat intelligence to key stakeholders in a timely fashion, 84 percent of respondents said. Eighty-one percent said that another main reason is that cyber attacks have a high false positive rate. Other reasons are that the intelligence on the attacks is too old to be actionable (67 percent) and that the intelligence is inaccurate or incomplete (66 percent).

The problem lies in where the organization’s money is being funneled. Respondents said that the most pressing issues were related to user awareness about cyber threats (25 percent) and supply chain (24 percent); however, respondents said that mobile (34 percent) and cloud (25 percent) were receiving the most out of their organization’s budget.

To that end, 49 percent of respondents agreed that insufficient resources and budget issues are the biggest barrier to achieving stronger cybersecurity. The second biggest barrier is insufficient visibility of people and business processes, 45 percent of respondents said.

The report advises organizations to seek an “intelligence-driven cyber defense,” which it defines as the ability of an organization to thwart an attacker’s offensive maneuvers while maintaining its defensive position.

Respondents said that they would launch an intelligence-driven cyber defense if they had ample personnel to do so (65 percent) or the budget to do so (64 percent). Some respondents said that an intelligence-driven cyber defense is not considered a security-related policy (39 percent), and 19 percent said they do not have the technologies necessary to implement such a defense.

As for the organizations that do implement an intelligence-driven cyber defense, they use commercial threat intelligence feeds (69 percent) to do so. If not commercial threat intelligence feeds, then these organizations use collaborative threat intelligence groups, partnerships and forums, 37 percent said.

For a security intelligence tool to be effective, it should target the attacker’s weak spots, 72 percent said. Sixty-nine percent agreed that it should aim to neutralize attacks before they occur. A smaller percentage of respondents said that an effective intelligence tool should also slow down or halt the attacker’s computers (56 percent).

Lockheed Martin and Ponemon Institute recommend that organizations facing these problems adopt a Cyber Kill Chain, which the report defines as a life cycle approach that allows information security professionals to proactively remediate and mitigate advanced threats as part of the organization’s intelligence driven defense process. Sixty-seven percent of respondents said they are familiar with the term.