July 18, 2016 By Larry Loeb 2 min read

A new study by the Ponemon Institute, “Security Beyond the Traditional Perimeter,” was released today. It considered external cyberattacks and assessed how they affect the enterprise.

The report found that 79 percent of the IT and security practitioners polled — which included 591 respondents from 505 different companies representing a wide range of industries — indicated their detection and mitigation strategy for cyberattacks was either nonexistent, applied ad hoc or inconsistently applied across the enterprise.

The findings also revealed that those companies that experienced a cyberattack in the past 24 months faced an average cost of about $3.5 million.

Focus Outside the Perimeter

The study examined the threats, costs and responses of companies with respect to cyberattacks. These threats included types of social engineering such as executive impersonations and branded attacks.

Such threats, which arise outside a company’s traditional security perimeter, may indicate that the perimeter has to be expanded. But doing so could open up another can of worms: It’s all the more important that things be done correctly when they’re done in motion. Professionals know you must first do no harm when you move security boundaries.

But before security professionals can address this problem, they need expertise, technology and third-party services to address these external threats. In fact, 64 percent of security leaders said they lacked the tools and resources needed to monitor outside sources of information. It’s hard to do something when you don’t have a way to do it.

The Wish List for Preventing Cyberattacks

The report gives credence to the idea that IT is aware of the social engineering exploits going on but doesn’t have a solution for preventing these types of cyberattacks.

“The majority of security leaders understand that these external internet threats imperil business continuity,” said Larry Ponemon, president of the Ponemon Institute. “The study highlights a gap in defenses against threats that have proven to be extremely effective for cybercriminals and costly for enterprises.”

Although security professionals know they need to change the way they battle cyberattacks, they aren’t prepared to meet that challenge. However, if given the tools, professionals would like their security perimeter to include features such as mobile app monitoring, social engineering awareness and infrastructure that prevents spear phishing.

More from

How will the Merck settlement affect the insurance industry?

3 min read - A major shift in how cyber insurance works started with an attack on the pharmaceutical giant Merck. Or did it start somewhere else?In June 2017, the NotPetya incident hit some 40,000 Merck computers, destroying data and forcing a months-long recovery process. The attack affected thousands of multinational companies, including Mondelēz and Maersk. In total, the malware caused roughly $10 billion in damage.NotPetya malware exploited two Windows vulnerabilities: EternalBlue, a digital skeleton key leaked from the NSA, and Mimikatz, an exploit…

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

ICS CERT predictions for 2024: What you need to know

4 min read - As we work through the first quarter of 2024, various sectors are continuously adapting to increasingly complex cybersecurity threats. Sectors like healthcare, finance, energy and transportation are all regularly widening their digital infrastructure, resulting in larger attack surfaces and greater risk exposure.Kaspersky just released their ICS CERT Predictions for this year, outlining the key cybersecurity challenges industrial enterprises will face in the year ahead. The forecasts emphasize the persistent nature of ransomware threats, the increasing prevalence of cosmopolitical hacktivism, insights…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today