Noticed the raft of headlines about break-ins at companies? If you did, those are only the proverbial tip of the iceberg.
Think about the hammering that Sony took over the PlayStation hack, or how RSA will never live down the loss of golden keys and the subsequent attack at Lockheed.
Victims overwhelmingly prefer to keep quiet. If there is disclosure, it's because there is loss of consumer information, which is subject to laws. If corporate information is stolen, it is often not required to be disclosed.
A survey of 581 security professionals at large companies in the United States, Britain, France and Germany, conducted by the Ponemon Institute and sponsored by Juniper, found that 90 percent of them had at least one breach in the last year and 59 percent had two or more. And the costs are mounting: 41 percent of break-ins cost more than half a million dollars.
What is interesting, though, is the variation in perception between those in the trenches, who think the organization is under-equipped to cope with the onslaught, and senior executives, who think that resources are in place.
This study describes the situation at federal agencies such as DHS, DOD and HHS. Whereas 64% of the rank-and-file recognized the importance of log management, only 45% of senior executives shared this view.
These are important findings because they show differences between the people who are determining the priorities and direction for their organization and those who are in the trenches and seeing the risks first-hand.
The magnitude of the security threat is much greater than many realize.