Cyphort and Ponemon Institute Study Reveals Alarming Number of CEOs Still in the Dark About Cyber Threats and Companies Spend Majority of Time Chasing False Positives

Nearly Half of All Companies Lack the Right Intelligence to Detect and Contain Attacks

SANTA CLARA, Calif.--()--Cyphort, the next generation Advanced Persistent Threat (APT) defense company, today announced the results of a Ponemon Institute survey titled The State of Malware Detection & Prevention. According to the study, 34 percent of CEOs and other C-level executives are completely in the dark about cyber-attacks against their companies. This is despite the fact that 63 percent of respondents admitted that their companies had been the victims of one or more advanced attacks during the past 12 months. This lack of senior executive awareness parallels the fact that 39 percent of respondents don’t believe their company has the necessary intelligence to make a convincing case to the C-suite about the threats facing their company.

Other key survey findings include:

  • There is good and bad news regarding advanced attacks against the surveyed companies. The Bad: 21 percent of respondents took anywhere from 1-2+ years to detect the attack. The Good: Nearly 30 percent of companies were able to discover the attack against their company in anywhere from 1-8 hours after it occurred. The Good: 28 percent of companies were able to contain the breach in 1-8 hours. The Bad: 27 percent took anywhere from 1-6 months to contain the breach.
  • Getting malware attacks under control continues to be a challenge for companies. According to 68 percent of respondents say their security operations team spends a significant amount of time chasing false positives.
  • Thirteen percent of companies expect their 2016 security budget to decrease. The average 2016 cybersecurity budget is approximately $16 million and 34 percent will be allocated to incident response efforts. Fifty percent say their budget will stay the same and 37 percent expect their budget to increase in 2016.
  • You Can’t Stop What You Can’t See. Seventy-six percent of companies lack visibility of threat activity across the network. Sixty-three percent have an inability to prioritize threats. Fifty-five percent of companies lack in-house expertise.
  • Investigations of malware alerts often are false positives. On average, 29 percent of all malware alerts received by their security operations teams are investigated and an average of 40 percent are considered to be false positives. Only 18 percent of respondents say their malware detection tool provides the level of risk for each incident.
  • Organizations reimage endpoints based on malware detected in the network. More than half (51 percent) of respondents say their organization reimages endpoints based on malware detected in the network. 33 percent of endpoint re-images or remediates are performed without knowing whether it was truly infected.

“The study results are fascinating, despite such catastrophic data breaches as Target and Sony, cyber threats are not getting appropriate attention from senior leadership they deserve,” said Larry Ponemon, chairman and founder of Ponemon Institute. “Companies are still struggling to have an effective strategy to prevent and detect malware and advanced threats. One recommendation is for organizations to significantly reduce the time spent on false positives and irrelevant threats in their network. In our opinion, the effective solutions are the ones who smartly combine next generation network-based sandboxing and network behavior anomaly analysis.”

“Our job is to ensure customers can stay one step ahead of the sophisticated and targeted attacks that cause breaches,” said Manoj Leelanivas, president and CEO, Cyphort. “By enabling organizations to respond to advanced threats quicker, with greater accuracy and much more cost effectively, Cyphort can minimize the exposure and risk associated with those attacks. Cyphort is the first advanced threat defense solution that automatically prioritizes threats based on business risks, dramatically reduces false positives and suppresses the noise from irrelevant threats (red herrings).”

Download a copy of The State of Malware Detection & Prevention survey report here.

To view the infographic and the related stats, click here.

Methodology

The State of Malware Detection & Prevention in 2016 surveyed 597 IT and IT security practitioners in the U.S. who have responsibility for directing cybersecurity activities and/or investments within their organization. All respondents have a network-based malware detection tool or are familiar with this type of tool.

About Ponemon Institute

Ponemon Institute conducts independent research and education that advances information security, data protection, privacy and responsible information management practices within businesses and governments throughout the world. Our mission is to conduct high quality, empirical studies on critical issues that affect the protection of information assets and IT infrastructure. As a member of the Council of American Survey Research Organizations (CASRO), we uphold strict data confidentiality, privacy and ethical research standards. www.ponemon.org.

About Cyphort

Cyphort is the next generation APT defense solution for enterprise organizations. Cyphort provides a single pane of glass across perimeter and laterally moving threats, correlates threat signals before and after an incident, while eliminating noise from false alerts and red herrings. Cyphort has leveraged the power of machine learning and data science to build a next generation threat detection engine that evolves ahead of the threats. A virtualized deployment model combined with open API based integration allows customers to address APT security gaps across global locations while leveraging their existing investments in perimeter and endpoint security for threat defense. Cyphort is a privately held company headquartered in Santa Clara. For more information, please visit www.cyphort.com and follow us @Cyphort.

Ponemon Institute conducts independent research on data protection and emerging information technologies. Ponemon Institute is a member of the Council of American Survey Research Organizations (CASRO) and uphold strict data confidentiality, privacy and ethical research standards.

Contacts

Cyphort
Nicole Bosgraaf, 781-684-0770/415-512-0770
cyphort@mslgroup.com

Release Summary

Nearly Half of All Companies Lack the Right Intelligence to Detect and Contain Attacks

Contacts

Cyphort
Nicole Bosgraaf, 781-684-0770/415-512-0770
cyphort@mslgroup.com