Thursday, March 8, 2012

Narus Cyber Survey: Increase in Volume and Sophistication of Attacks

Network security professionals are expressing concern at the increase in volume and sophistication of attacks, according to a newly published annual cyber security survey sponsored jointly by Narus, Converge! Network Digest and GSN: Government Security News. The annual survey queries a focus group comprising security professionals in a variety of industries.

Some key findings:

  • More than 55 percent of respondents are concerned that their company is not equipped to protect its networks from cyber attacks; approximately 85 percent think the government is not equipped to protect its networks.

  • The overwhelming majority of respondents (93.8 percent) believe cyber attacks are on the rise.

  • Inability to protect sensitive and confidential data (64.6 percent), viruses and malware (62.5 percent), social media attacks (52.1 percent), being able to analyze threats in real time (50 percent) and zero-day attacks (47.9) all ranked high as significant threats to organizations today.

  • More than 79 percent of the respondents believe the best way to protect against cyber attacks is with a solution that detects, analyzes and mitigates unwanted, unwarranted or malicious traffic in real time.

  • The respondents believe that the following three factors are most important when evaluating a cyber security solution: detection and remediation of advanced persistent threats, detection of bots and real-time threat analysis.
    Government networks left vulnerable.

  • Once again, the majority of respondents this year feel cyber attacks are showing no signs of slowing; in fact, the actual percentage held steady at 93.8 percent of respondents (as compared with 93 percent in 2010). Inability to protect sensitive data, viruses, malware and inability to analyze threats in real time present the biggest threats, according to respondents. The increasing sophistication of attacks is also worrying 91.7 percent of respondents, no doubt due to the onslaught of advanced persistent threats (APTs) like non-signature attacks.

  • The survey indicates that companies are bolstering their cyber security efforts, and therefore the confidence of their employees. Indeed, the number of respondents concerned that their company is not well-equipped to protect against cyber attacks has slipped over the past year (55 percent in 2011 vs. 71 percent in 2010), suggesting that companies are now at least beginning to implement technology that stands up to sophisticated threats. Additionally, 42.6 percent of respondents indicated that their companies have increased their respective cyber security budgets since 2010. But the same respondents were not so confident in the government's ability to protect its networks. Eighty-five percent of respondents believe government networks remain vulnerable to cyber attacks.

  • The survey also supports the view that there is a pressing need for real-time detection, analysis, and mitigation of cyber threats. Almost 80 percent of this year's survey respondents agree, citing a solution that provides real-time detection, analysis and mitigation of sophisticated attacks as the best choice for cyber protection. The detection and remediation of APTs emerged as a top criterion for such a solution, followed by real-time threat analysis and detection and remediation of bots.

"Each year, the cyber security survey yields results that consistently underscore the importance of real-time detection and analysis of network traffic,�? said Greg Oslan, CEO and president of Narus. “We look forward to working with our customers and partners to help them better manage and protect their networks against the increased volume and sophistication of cyber threats with NarusInsight."