SOURCE: IID

IID

November 04, 2015 10:04 ET

Survey Finds 47% of Companies and Government Agencies Have Been Breached in Last Two Years

According to IID-Sponsored Ponemon Institute Survey, Most Say Cyberthreat Intelligence Could Have Prevented or Minimized the Consequences of Those Attacks

TACOMA, WA--(Marketwired - Nov 4, 2015) - IID, the source for clear cyberthreat intelligence, today announced the immediate availability of the Ponemon Institute survey that the company sponsored entitled, "Exchanging Cyber Threat Intelligence: There Has to Be a Better Way." The second annual survey includes insight from 692 IT and IT security professionals from both global businesses and government agencies, who answered more than three-dozen questions around threat intelligence sharing. The majority of organizations where those employees work have more than 1,000 employees.

When asked, "Did your company have a material security breach in the past 24 months," 47 percent of those surveyed said yes. Survey participants also asserted that threat intelligence -- information that has been analyzed and refined so that it is useful in hindering cyberthreats -- could have prevented those cyberattacks. Specifically, 65 percent said that they believed threat intelligence could have prevented or minimized the consequences of a cyberattack they had suffered in the last 24 months. When asked the same question in the 2014 survey, 61 percent said yes.

"It is becoming more and more apparent that raw threat data is not effective. Just like the bad guys share ways to carry out their attacks, organizations must also share actionable and timely ways to stop threats," said Larry Ponemon, Chairman and Founder of the Ponemon Institute. "It is also clear that it is impossible for one organization to harvest that threat intelligence on their own as evidenced by the fact that 83 percent of people we surveyed exchange threat intelligence."

Other key findings in the survey include:

  • Exchanging threat intelligence is imperative and good for the U.S.
    Seventy-five percent of respondents believe exchanging threat intelligence improves their organization's security posture and 63 percent say it's good for the United State's critical infrastructure.

  • Timeliness is the most important threat intelligence quality
    Respondents said timeliness makes threat intelligence the most actionable followed by the ability to prioritize and trustworthiness of the source. Despite 89 percent believing threat intelligence has a shelf life of hours or less, 79 percent refresh their data in increments of daily or longer.

  • Most using free sources, but not confident in data
    The biggest source of threat intelligence is free sources. Yet 46 percent say they cannot prioritize threats with, 39 percent they have no confidence in and 35 percent they have no context with free sources.

  • Issues are still stopping the exchange of threat intelligence
    The main inhibitors for exchanging threat intelligence are potential liability issues, lack of trust in sources and lack of resources.

"The amount of large organizations that have been breached online is eye opening, but what is equally interesting is the fact that IT and security professionals know what they need to stop those cyberattacks yet they are not doing so," said IID Vice President of Marketing Mark Foege. "We must continue to work together as an industry to make threat intelligence as timely, relevant and actionable as possible or else the bad guys will continue to infiltrate large businesses and governments worldwide."

To download the complete survey findings, go to internetidentity.com.

Methodology
Ponemon conducted the survey in September 2015. The hundreds of respondents were from companies and organizations spanning more than a dozen industries. The most represented industries in the survey were financial services, public sector, and health and pharmaceuticals.

About IID
IID is a cybersecurity company. Its flagship product, ActiveTrust, adds clarity to cyberthreat intelligence by distilling threat data from thousands of trusted sources, and fusing it into actionable intelligence delivered to security professionals and automated infrastructure. Fortune 500 companies and U.S. government agencies leverage IID to detect and mitigate threats, making ActiveTrust one of the world's largest commercial cyberthreat data exchanges. For more, go to internetidentity.com.

About Ponemon Institute
Ponemon Institute is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries. For more information, visit www.ponemon.org.

Contact Information