One in Four CIOs ‘Not Concerned’ About Breaches, or Time Needed to Uncover them

By ISBuzz Team, February 25, 2016

Research exposes gap between reality and expectations, with CIOs admitting they do not proactively hunt for threats, yet expect to expose breaches in less than two months

Carbon Black®, the leader in Next-Generation Endpoint Security (NGES), announced the findings of a new CIO survey into current approaches to breach detection and response. The survey found that 82% of CIOs are under increasing pressure from the business to prevent, detect and respond to security incidents faster. However, over a quarter (28%) are ‘not concerned’ that if they were breached it would take a long time to find out it had happened, or worse that they may be breached without realising. In addition, 85% admit that, despite their best intentions, they are failing to take a proactive approach to hunting out threats. Instead, they are reactively dealing with threats as and when a breach is uncovered.

The survey also uncovered a disconnect between CIOs’ expectations of threat discovery and response, and reality. According to research from the Ponemon Institute, it takes on average 258 days to detect a breach and a further 100-120 days to remediate the threat after an attack. Yet those surveyed believe it would take an average of two months to uncover a breach. Over a quarter (26%) claimed they would be able to uncover a breach in less than two weeks, 15% in less than a month, 18% in less than three months, while 14% believe it would take up to six months. As previously mentioned, a further 28% said they were not concerned about the length of time it would take them to uncover a breach. Additionally, over half (52%) believe that if they were to suffer a breach today, they would be 100% confident in knowing what systems and data had been affected and how within 24 hours.

Ben Johnson, Chief Security Strategist for Carbon Black, comments: “When you look at these results, something really doesn’t add up. On the one hand, companies are operating from a reactive security posture and tending to symptoms, rather than causes. Yet they still believe they can detect threats much faster than the industry average, even though they are not actively seeking them out. Hackers today are determined, sophisticated, and well-funded – sitting and waiting for them to make a mistake and expose themselves is not an effective strategy. However, many security teams are flying blind, unable to prioritise threats because of the huge volumes of alerts they receive. Companies need to automate processes where possible to free up security teams’ time to hunt threats and disrupt hackers during an attack, rather than just picking up the pieces in the aftermath.”

The survey also looked at the ways in which security teams are using technology to be alerted to threats and found that many of the tools that businesses are relying on are not equipped to deal with the new range of attacks facing organisations. While Firewalls (94%) and AV (90%) are almost ubiquitous, and two-thirds of companies are using encryption (64%) or Intrusion Detection Systems (62%), less than half of organisations (44%) have advanced endpoint protection in place. In addition, most businesses are hampered by the fact they are only aware of attacks in their immediate environment, with no perspective of what is happening in the broader market. As a result, 89% of CIOs think that security vendors need to collaborate more to provide contextual information about the threats they face.

Johnson continues: “Digital businesses are more open and accessible than ever before, as we are all constantly connected to the internet. As such, our security perimeter is no longer the network, but the endpoints we use to connect – which are multiplying in number and range every day. However, while the nature of the threats we face is changing, our approach to security is yet to catch up. AV cannot protect the endpoint against zero day attacks, IDS will not prevent a malicious file from executing on a laptop. Not only are CIOs not using the right tools, but they also have no visibility outside their own environment – they’re not asking themselves; has anyone else had this problem? If so, how did they resolve it? The next generation of security needs to use collective intelligence of thousands of users, share knowledge and patterns of attack behaviours across a community. We all have the same goal, to hit back against the bad guys, so we need to unite to do this more effectively.”

The survey of 200 CIOs at UK businesses across multiple industry sectors and with more than 1,000 employees was commissioned by Carbon Black and conducted by independent research firm Vanson Bourne in January 2016.

About Carbon Black

Carbon Black leads a new era of endpoint security by enabling organizations to disrupt advanced attacks, deploy the best prevention strategies for their business, and leverage the expertise of 10,000 professionals from IR firms, MSSPs and enterprises to shift the balance of power back to security teams. Only Carbon Black continuously records and centrally retains all endpoint activity, making it easy to track an attacker’s every action, instantly scope every incident, unravel entire attacks and determine root causes. Carbon Black also offers a range of prevention options so organizations can match their endpoint defense to their business needs. Carbon Black has been named #1 in endpoint protection, incident response, and market share. Forward-thinking companies choose Carbon Black to arm their endpoints, enabling security teams to: Disrupt. Defend. Unite.
