While more retailer, financial service and public sector IT professionals want info on threats, many lack faith in the accuracy of that data.

Online data breaches are on the rise, and experts say the best way to prevent infractions is for information technology professionals to share information about those breaches with each other.

That’s according to an annual report from Internet security research firm the Ponemon Institute. The firm surveyed 692 information technology professionals from businesses and government agencies and found that nearly half—47%—reported some kind of security breach within the past two years.

The financial services industry represented 19% of survey respondents, followed by health and pharmaceuticals (12%), the public sector (12%), industrial companies (9%) and retailers (9%). More than half (54%) of respondents were from organizations with more than 1,000 employees.

This is the second time the Ponemon Institute has conducted the survey. While more respondents think that knowing more about threats could have mitigated attacks (65% this year versus 61% last year), there’s still an overall lack of faith in their ability to take action on the data they receive about threats. Just 34% of respondents believe they can act on threat intelligence data, while even fewer (31%) think it’s accurate.

Still, having that data is preferable to not having it.

advertisement

75% of respondents said participating in a “threat intelligence exchange program” improves their organization’s security posture while 60% say such programs help them better prepare for a breach.

The most reliable sources of threat information come from peers, such as fellow retailers, and security vendors. 65% of respondents say they informally exchange information with peers, and 45% say they do so through a vendor threat exchange service. Law enforcement and government sources are not often used for threat intelligence, according to the report.

In a world of increasingly stealthy and sophisticated cyber criminals it is difficult, costly and ineffective to fight online attacks alone,” the report says. “Having the ability to connect and share information about existing and emerging threats could measurably improve an organization’s cyber defenses.”

Favorite

advertisement