In wake of hacks, incident response efforts weak in enterprise

Only 9 percent say they have a handle on the issue, according to SANS Institute survey.

In the wake of Russian hackers making off with 1.2 billion users names and passwords from 420,000 web sites , many organizations say they have ineffective incident response to deal with such circumstances, according to a SANS Institute survey.

The survey showed that only 9 percent of organizations believe their incident response is "very effective".

What that means is that most organizations are ill equipped to mobilize once hackers have pried open the virtual doors and windows of their networks.

Control button

The survey showed that 26 percent of respondents were “dissatisfied” with their incident response. They cited a number of hurdles to effective efforts, including lack of review or time to review and practice procedure (62 percent), and lack of budget (60 percent).

“Having a plan in place to address incidents, including delineation of what constitutes an incident, enables organizations to address issues when they do arise,” Jake Williams, a SANS Analyst and incident response professional said in a statement. "Overall, organizations are not ready to handle their incident response requirements.”

The survey dovetails with a Ponemon Institute survey from January , which found that a vast majority of top executives at targeted companies and organizations are still remarkably unaware of just how vulnerable their networks and data are to a multitude of different threats. The report concluded that this lack of awareness is directly correlated to how quickly – or not – companies respond to an attack and eventually sort out how it happened and who was responsible.

How quickly and efficiently those companies handle a breach could mean millions of dollars in savings not only for them and their customers, but also lessen the impact on the company’s reputation.

As a result of a breach last year, Target showed a 46 percent drop in profits in its fourth quarter earnings report compared to the same quarter a year ago. In addition, the CEO and the CIO lost their jobs.

The incident response survey was sponsored by AccessData, AlienVault, Arbor Networks, Bit9 + Carbon Black, HP and McAfee/Intel Security.

SANS Analyst and survey author Alissa Torres said small companies often think these breaches are predominantly carried out on large enterprises, but that is not the case. See last week’s Russian hacker password haul as an example.

The New York Times reported last week that “a Russian crime ring has amassed the largest known collection of stolen internet credentials, including 1.2 billion username and password combinations and more than 500 million email addresses.”

The billion-credential haul set a new record for username and password theft and created a potential black-market bonanza and corporate nightmare for those companies affected.

Torres and Williams will host a free set of Webinars outlining the survey findings on Thursday and Friday.

The 25-year-old SANS Institute is a cooperative research and education organization focused on information security training and security certification.