CYBERSECURITY

Lockheed report: Most ill-prepared for cyberattacks

A recent report by Lockheed Martin and Ponemon Institute shows that organizations are largely not prepared to deal with cyber attacks.

Called "Intelligence Driven Cyber Defense," the report breaks down where respondents believe cyber threats are coming from, why their organizations are ill-equipped to deal with them and what they need to correct the problem.

Forty-three percent of respondents said that their security posture for combating attacks remains the same as it has been for years. Meanwhile, 75 percent of respondents said cyber attacks are becoming more severe and 68 percent said that attacks are becoming more frequent.

As for what the actual threats are, 37 percent said that the biggest threat is a malicious insider. Criminal syndicates are next in line, backed by 26 percent of respondents. Lesser reported threats are state-sponsored attackers (19 percent) and hacktivists (15 percent).

cybersecurity chart

Of all of the damage that a cyber attack can cause, loss of intellectual property, including trade secrets, was ranked as the most negative consequence, with respondents rating it an average of 9.2 out of 10 in terms of severity. Following close behind are reputation damage (8.6/10), disruption of business process (8/10), productivity decline (7.2/10) and damage to critical infrastructure (6.8/10).

The main reason why organizations are not able to effectively defend against cyber attacks is because of the difficulty to disseminate threat intelligence to key stakeholders in a timely fashion, 84 percent of respondents said. Eighty-one percent said that another main reason is that cyber attacks have a high false positive rate. Other reasons are that the intelligence on the attacks is too old to be actionable (67 percent) and that the intelligence is inaccurate or incomplete (66 percent).

The problem lies in where the organization’s money is being funneled. Respondents said that the most pressing issues were related to user awareness about cyber threats (25 percent) and supply chain (24 percent); however, respondents said that mobile (34 percent) and cloud (25 percent) were receiving the most out of their organization’s budget.

To that end, 49 percent of respondents agreed that insufficient resources and budget issues are the biggest barrier to achieving stronger cybersecurity. The second biggest barrier is insufficient visibility of people and business processes, 45 percent of respondents said.

The report advises organizations to seek an “intelligence-driven cyber defense,” which it defines as the ability of an organization to thwart an attacker’s offensive maneuvers while maintaining its defensive position.

Respondents said that they would launch an intelligence-driven cyber defense if they had ample personnel to do so (65 percent) or the budget to do so (64 percent). Some respondents said that an intelligence-driven cyber defense is not considered a security-related policy (39 percent), and 19 percent said they do not have the technologies necessary to implement such a defense.

As for the organizations that do implement an intelligence-driven cyber defense, they use commercial threat intelligence feeds (69 percent) to do so. If not commercial threat intelligence feeds, then these organizations use collaborative threat intelligence groups, partnerships and forums, 37 percent said.

For a security intelligence tool to be effective, it should target the attacker’s weak spots, 72 percent said. Sixty-nine percent agreed that it should aim to neutralize attacks before they occur. A smaller percentage of respondents said that an effective intelligence tool should also slow down or halt the attacker’s computers (56 percent).

Lockheed Martin and Ponemon Institute recommend that organizations facing these problems adopt a Cyber Kill Chain, which the report defines as a life cycle approach that allows information security professionals to proactively remediate and mitigate advanced threats as part of the organization’s intelligence driven defense process. Sixty-seven percent of respondents said they are familiar with the term.

About the Author

Mark Hoover is a senior staff writer with Washington Technology. You can contact him at mhoover@washingtontechnology.com, or connect with him on Twitter at @mhooverWT.

Reader Comments

Fri, Feb 20, 2015 MATT SWIBEL

You can also map the consequences of the interconnected digital economy via separate Lockheed Martin supported research: http://cambridgeriskframework.com/page/25

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close

Trending

  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Our databases track awards back to 2013. Read More

  • Navigating the trends and issues of 2016 Nick Wakeman

    In our latest WT Insider Report, we pull together our best advice, insights and reporting on the trends and issues that will shape the market in 2016 and beyond. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.