With technology constantly evolving, companies continue to benefit from more ways of processing data. But with increased technological reliance also comes greater risk, as hackers have become more sophisticated and have better tools.

According to an Information Security Media Group (ISMG) study, which surveyed respondents including senior security IT leaders from organizations of all sizes from industries including banking, healthcare, and technology, only 20 percent believed their current incident response program to be "very effective," and the overall number of attacks continues to increase.

Protecting against cyber breaches is critical for major organizations, but companies struggle with aspects of detection including speed and accuracy, if they can detect the attacks at all.

The report examines information regarding shocking incidents of data breaches, indicating a need for reform in the current cyber protection model.

"To stay ahead of today's advanced threats, incident response teams need the tools and techniques that give them greater accuracy, speed and insight," said Tom Field, ISMG editorial vice president.

Click through the following slides for the survey's key findings and how organizations can achieve accuracy, speed and insight for improved protection.

Detection


The survey finds that the problem is not awareness of threats, but the current defenses, or lack thereof. Respondents are largely aware of potential, advanced attacks, but the current defense systems often fail to detect and respond to security incidents.

The responses revealed a low level of "detection efficacy," with 66 percent of respondents struggling to detect attacks in their environment, 62 percent struggling with their speed of detection and 44 percent struggling to accurately confirm the stage, scope and location of breaches.

Malicious code, such as viruses or worms, was the No. 1 security breach among the survey respondents. Such breaches can result in financial loss and reputational damage.

System downtime was cited as the most common impact of an incident, but damage to systems, loss or compromise of data and damage to the integrity or delivery of goods or services are also among the repercussions.

Viruses and Trojans are the predominant forms of malware being detected by organizations, at 44 percent and 34 percent, respectively. However, it is important to consider the types of threats that organizations haven't been able to detect.

Cyberthreats and Response

Cybercrime and advanced persistent threats (APTs) are the types of attacks most feared by survey respondents, but organizations are often unequipped to handle such incidents, even though advanced malware can pose considerable risk.

But it's not just intercepting information and trojanizing software that hackers are after. "Perhaps the most damaging is [hackers] often sell or trade the compromised assets to criminal groups so they can come back in to exfiltrate additional information from that network," said Bill Hau, vice president of FireEye Labs.

Unfortunately, incident response programs generally are not equipped to handle mass security breaches. 60 percent of respondents cited their organization's incident response program to be "reasonably effective," but as the report questions, "is 'reasonably effective' going to ward off attacks?"

Similarly, 60 percent stated that their organization's current anti-malware tools were "reasonably effective," but only 55 percent believe they can detect the exact location of malware in their environment. 14 percent cannot, and an astounding 31 percent "don't know."

Even more unsettling is the number who cannot determine the extent or stage of malware infiltration or propagation. 20 percent answered that they cannot, while 36 percent "don't know."

This speaks directly to a "distinct lack of real-time visibility into endpoints and servers and how they are being compromised." A response team cannot accurately determine the extent of damage if they are unable to achieve effective and timely visibility of infected systems.

And although organizations fear APTs, only half have invested in tools for early detection and response. Fewer than one-third have an actual APT incident response plan and nearly one-quarter have "no APT-specific measures," leading to the conclusion that response plans need to be further developed, as current defenses are ineffective at providing responses in a timely and accurate manner.

Struggles for Response Teams

Respondents named detection speed, monitoring and situational awareness, and accuracy as their top three security challenges. Their top three technical challenges impacting their ability to respond were the inability to detect APT or malware threats in time, the inability to determine the extent of malware or APT infiltration and a lack of skills or tools to eradicate and contain a threat.

Responding to threats in real time is at the heart of the issues plaguing organizations in terms of data security. For many companies, timing is a major issue, as a slow response prevents containment. From the indicator of compromise to actual detection, it takes 47 percent a few hours to discover the threat, but a whopping 16 percent do not make the discovery for a few days after the initial incident.

The average time to reach a resolution to the threat after discovery is commonly one to eight hours, but a significant number of respondents cited up to 5 days, showing inconsistencies between companies' strategies and level of effectiveness in handling threats.

However, many of the respondents, 42 percent, expect their organization's incident response budget to increase and are willing to spend to protect themselves from security incidents. Meanwhile, 51 percent do not believe that their budget will change, while 5 percent believe their budget will be reduced.

Survey results indicated two priorities for spending in the coming year, with training and awareness being the top priority for 31 percent of organizations surveyed, closely followed by automated incident detection and containment tools for 25 percent.

The report indicates that spending on automated tools is a good starting point for organizations that are struggling with real-time detection and response, but training and awareness of handling data breaches could go one of two ways. On one side, organizations can do a better job of positioning their employees to be more vigilant about security practices, but other studies reveal that security awareness and training is often a one-time event, resulting in little change.

Improving with Speed, Accuracy and Insight

To improve incident response plans, security leaders must embrace three key concepts: speed, accuracy and insight.

Taking the unknowns out of detection to respond quickly is key. The survey stresses the need for not just tools, but trained personnel. Reliance on real-time detection, response and containment should be a priority.

In terms of accuracy, knowing and responding to the true extent of a breach is necessary. Stronger analytics to know when malware has infected a system and awareness of potential damage are key in improving the precision and effectiveness of a response team.

Insight aids in prevention. When organizations have proper tools and a well-trained staff, monitoring systems and detecting attacks can assist in containment and improve response. Resolving incidents before they occur should be the ultimate goal of an organization, and if an attack cannot be prevented, response teams should be prepared to limit the potential damage.
