Earlier this week, telecoms giant AT&T released its annual Business Continuity Study. The new report reveals some interesting things about how prepared businesses are when it comes to security threats.The figures show that 63% of the interviewed executives have named security breaches as their most important security concern for 2013. In addition, 83% of execs are concerned about the impact of the BYOD trend.
On the bright side, nine out of ten organizations appear to understand the increasing importance of security. 88% of the subjects claimed to have a proactive strategy in place.
As far as distributed denial-of-service (DDOS) attacks are concerned, seven out of ten firms are taking proactive and reactive measures to protect themselves against such threats.
Over half of them are utilizing DDOS protection services to identify potential attacks.
The study also shows that 78% of companies have a business continuity plan in the event of a network security incident.
Security breaches are not the only concern right now. Most organizations say they also have business continuity plans in case of a disaster such as the Superstorm Sandy or the recent Oklahoma tornado.
“This survey demonstrates that a vast majority of security professionals believe they are acting proactively to secure their organizations against breaches and data theft; what it doesn't reveal is whether or not the respondents’ programs and solutions truly are proactive,” Sam Glines, CEO and co-founder of Norse, told Softpedia.
"Organizations that want to be proactive in today's cyberthreat environment need to adopt strategies that include the integration of 'live' threat intelligence into their traditional security tools, websites, Web applications, and Web-based business processes,” he added.
“By adding live intelligence at the specific points of attack, organizations can block advanced and zero-day threats before the attack greatly reducing the risk of compromise and data breach,” Glines said.
"Fortunately, we are at a stage when live threat intelligence technologies have emerged to the point that organizations can start to implement these proactive strategies, and it is time for security leaders to act on adding live intelligence capabilities to their security stack.”
“While it is encouraging to see so many organizations acknowledging the importance of proactive security, we are really at the infancy stage of organizations adopting a truly proactive approach to security.”
Rob Kraus, director of research for Solutionary’s SERT, has also commented on the latest AT&T study.
“The fact that nine out of ten organizations take the proactive approach to security does not mean they are effective, or even capable of stopping attacks,” Kraus told us.
“Based on first-hand experience, when we approach an organization for any type of incident response, they often do not have the processes in place to effectively mitigate a threat – I would say one out of ten does this well enough to handle on their own – so it is important to distinguish between ‘understanding’ and ‘acting’ on proactive security strategies and have an incident response plan in the event a breach or compromise does take place,” he added.
“While attitudes are beginning to change, organizations typically are not equipped to handle the plethora of attacks that exist today.”