I hate to say it, but the survey conducted by Ponemon Institute LLC is not surprising (see link below). It is disheartening, but not surprising. It’s also a little spooky. How many hacks take place every day on corporate data that are never caught? It’s hard enough for companies with large, experienced IT staffs to keep on top of things. Imagine what the small shops go through. As I mentioned in an earlier post, I work in a small shop and my resources are limited. Many shops are in similar situations or worse. They may have staff, but often the staff is inexperienced, especially when it comes to security.
I used to be a consultant, and almost every client I had relied on the company I worked for to provide ALL of their IT needs. If a breach occurred, we may never know about it because we were only there one day a week, and in a few cases it was less than that. In the year that I worked there, I can only recall one incident where a breach was caught. I discovered the breach while investigating an Active Directory problem. It turns out that the breach caused the AD problem.
As security professionals, we know that we can’t stop all attacks and that there may be some small ones that happen that we never find out about, but to think that so many companies are ill-equipped to handle attacks is sad.