Survey: 90% of Companies Say They've Been Hacked
If it sometimes appears that just about every company is getting hacked these days, that's because they are.
In a new survey ( download .pdf ) of 583 U.S companies conducted by Ponemon Research on behalf of Juniper Networks, 90% of the respondents said their companies' computers were breached at least once by hackers over the past 12 months.
Nearly 60% reported two or more breaches over the past year. More than 50% said they had little confidence of being able to stave off further attacks over the next 12 months.
Those numbers are significantly higher than similar surveys and suggest that a growing number of enterprises are losing the battle to keep malicious intruders out of their networks. "We expected a majority to say they had experienced a breach," said Johnnie Konstantas, director of product marketing at Juniper.
"But to have 90% saying they had experienced at least one breach and more than 50% saying they had experienced two or more, is mind blowing," she said. It suggests "that a breach has become almost a statistical certainty," these days.
The organizations that participated in the Ponemon survey cut across both the private sector and government and ranged from relatively small entities with less than 500 employees to enterprises with more than 75,000. The online survey was conducted over a five-day period earlier this month.
Roughly half of the respondents blamed resource constraints for their security woes, while about the same number cited network complexity as the primary challenge to implementing security controls.
The Ponemon survey comes at a time when concerns about the ability of companies to fend off sophisticated cyberattacks are growing. Over the past several months, hackers have broken into numerous supposedly secure organizations, such as security firm RSA, Lockheed Martin, Oak Ridge National Laboratories and the International Monetary Fund.
Many of the attacks have involved the use of sophisticated malware and social engineering techniques designed to evade easy detection by conventional security tools.
The attacks have highlighted what analysts say is the growing need for enterprises to implement controls for the quick detection and containment of security breaches. Instead of focusing only on protecting against attacks, companies need to prepare for what comes after a targeted breach .
The survey results suggest that many companies have begun moving in this direction. About 32% of the respondents said their primary security focus was on preventing attacks.
About 16% claimed the primary focus of their security efforts was on quick detection and response to security incidents, while about one out of four respondents said their focus was on aligning security controls with industry best practices.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org .
Read more about security in Computerworld's Security Topic Center.