Most organizations don’t understand the value of digital evidence

A vast majority of organizations are not adequately prepared to determine source and scope of attacks, according to a survey by Solera Networks.

Nearly all participants (96 percent) recognize the importance of real-time situational awareness, yet only about 19% say their network security teams have this capability. In-depth interviews indicate that only a fraction of this group can gather enough information from an attack to prevent it again in the future.

Highlights of the survey findings include:

• 82% said that it’s likely they will experience a significant security incident within the next 3 years.
• 96% feel threatened by employee web activity, and 71% fear that instant messaging poses security threats.
• 92% expressed concern over lengthy recovery times.
• 64% of respondents said they don’t have the data or tools to efficiently determine the full scope of security incidents. 20% said it’s “impossible to determine scope.”
• 96% recognize the value of real-time situational awareness and network forensics, yet only about 19% say they have the capability.

According to Lawrence Dietz, General Counsel and Managing Director at TAL Global, who participated in the survey, “It is our experience that most organizations are not prepared to deal with this kind of incident because they don’t understand that valuable digital evidence is lost as soon as the breach is over. Most organizations fail to employ proactive forensic tools.”

Advanced persistent threats, which continue to compromise network security and untold amounts of personal data and intellectual property, can only be stopped when you can see them in action inside the network. While it is important to identify that there has been a security breach or incident, it is more important to understand exactly what happened in order to remove the threat.

Without network forensics, a threat can lurk undetected, undermining the network, compromising data and overall security, and/or attacking on scheduled command, endangering not only the resident network but a broader cyber sphere.