Larry Ponemon: How Financial Service and Retail Organizations Tackle Advanced Threats

Just issued today, the Ponemon Institute unveiled key findings from two separate surveys, sponsored by Arbor Networks, that explore how retail organizations and financial services organizations are tackling advanced threats. We took a few moments with Larry Ponemon, President and Founder of the Ponemon Institute, to pick his brain on the key findings that surprised him the most from either survey.

Join us on Wednesday, May 21 at 11:00am ET to hear more from Larry Ponemon and Arbor’s Arabella Hallawell where they’ll be discussing the findings from both the retail and financial services reports. Register here:

Download the reports:


Why do you think organizations are struggling so much to address advanced threats targeting their network?  To deal with these super stealthy and sophisticated attacks requires companies to rely upon what has traditionally been successful in building a strong security posture: people, process and technologies. As our study reveals, more investment is needed in security operations staff and forensic tools to be able to investigate Advanced Threats (ATs) quickly before too much damage is done. Instead of relying upon a “gut feel,” formal incident response plans and approaches such as the cyber kill chain will give companies the support and confidence they need to address advanced threats.

Which survey question response received the most surprising response, in your view?  I think it was surprising to learn that 38 percent of respondents admit their retail companies rely upon ‘gut feel’ to determine if they have experienced an advanced threat. It was also surprising that given the risk to both financial services and retail, that the majority of respondents do not believe they will improve the time it takes to detect and contain incidents. This finding explains why organizations are struggling to address advanced threats.

Much of the focus for security teams has been on prevention, and then incident response. Do you see an increasing focus on detection? The findings reveal that the majority of financial services companies believe their technologies and personnel are effective at detecting advanced threats and this indicates they have been making the necessary investments.  Retail companies believe they are also more effective at detection than prevention. Based on these findings, there is a definite shift to focus on detection.

The length of time that an advanced threat sits lurking on a network is between 100-200 days, which is pretty remarkable. What are the top 2-3 things you’d recommend that retail and financial services company do to reduce that time to discovery?

Number 1: Forensic technologies are critical

Number 2:  Build a security team trained on detecting unusual or suspicious activities

Number 3: Threat intelligence gathered internally or shared with trusted parties is another component to improving the time to discovery

Arbor - Ponemon Retail and Financial Survey_final

What do you think was the most interesting nuance or difference between the overall key findings within financial services organizations surveyed vs. retail organizations surveyed? Financial services are much more effective in dealing with ATs and DDoS attacks, suggesting they have been making the necessary investments in technologies and security personnel. As mentioned above, retail security teams are more likely to rely on “gut feel” when trying to determine if the attack was an AT. The financial services sector is also more optimistic about the ability to improve the time to detect and contain ATs and DDoS attacks. They are also more likely to take such important steps as integrating threat intelligence into the incident response function, increasing security operations staff and implementing new forensic security tools.

Threats get most of the attention, and talk about the ‘people problem’ in security departments. Staffing is a big problem for security functions.  Other studies conducted by Ponemon Institute have shown that turnover in security departments is high and it can take at least one full year or more to hire someone with the necessary background and education to fill a key position. The ability to attract and retain skilled and dedicated experts should be as much a priority as investing in technologies.

Were you surprised to see such a high percentage of companies viewing DDoS attacks as part of advanced threats? Yes, in both financial services and retail the majority of respondents believed the cyber attack was a denial of service. This could be due to not having the appropriate forensic tools and evidence to determine the nature of the attack.

  • Posted in Advanced Threats
  • Comments Off on Larry Ponemon: How Financial Service and Retail Organizations Tackle Advanced Threats