Cyberattack Response Takes Over 2 Days, Industry Survey Reports

By   ISBuzz Team
Writer , Information Security Buzz | Oct 14, 2021 03:47 am PST

BACKGROUND:

The latest industry survey from Deep Instinct is reporting  Incident Response to Cyberattacks Take Over Two Working Days, According to Latest Industry Survey. The second edition of Deep Instinct’s bi-annual Voice of SecOps Report shows that fully 83% of cybersecurity professionals were dissatisfied with current EPP and EDR solutions. Report excerpts:

The average global response to a cyberattack was found to be 20.9 hours—more than two “working” days. … survey respondents were uncertain whether it is possible to prevent the constant waves of attacks from cybercriminals. In addition, security operations professionals cite threats from within as a persistent issue; 86 percent do not have confidence that their fellow employees will not click on malicious links, easily allowing threats into an environment and initiating an attack or breach.

  • Concerns about addressing cyberattacks:
    • The lack of threat prevention specific to never-before-seen malware (44%) is a top concern.
    • Hidden persistence, whereby threat actors discreetly maintain long-term access to systems despite disruptions such as restarts or changed credentials, is the most feared tactic used by attackers to launch large-scale attacks (40%).
    • Lack of qualified SecOps staff (35%) causes challenges for incident response, especially amongst those working in healthcare (52%) and the public sector (55%).
  • Complete endpoint security coverage remains elusive:
    • Nearly all of those surveyed (99%) believe they don’t have every endpoint in their company secured by at least one agent.
    • One-third (32%) of respondents claim that every endpoint has the same level of protection, with a majority of 60% claiming they are unable to consistently block threats across endpoints.

An expert with Cyvatar offers insight.

Subscribe
Notify of
guest
1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Josh Brewton
Josh Brewton , vCISO
October 14, 2021 11:54 am

<p>The core of the Security Operations Center is to worry. They are concerned about unintentional insider threats within their cloud environment. They worry about adequate response times, and you better believe they worry about missing the occurrence of a security incident. This worry fuels the SOC and their vigilance in the face of monitoring, detecting, and responding to security events. This same worry drives security professionals to become better and create the next evolution of cybersecurity tools and techniques.</p>
<p>SOCs face many challenges to include organizational shifts to growing cloud environments. As the journey from traditional on-premises solutions to cloud-based ones continues, we must ensure that what we are doing is suitable for our data and organizational goals. Ask yourself if you have the in-house knowledge or personnel to handle architectural and data security requirements. While many cloud providers maintain the security of their cloud environments, it is up to your organization to maintain the security and integrity of the created and uploaded data.</p>
<p>While eliminating the ransomware and malware attacks is the horizon we navigate towards as cybersecurity professionals, the reality is that we can only posture our organizations to better defend, detect, and respond. We will see our traditional incident response time track downward by equipping and empowering our teams with the tools, knowledge, and ability to handle a security event with speed and accuracy. If we educate our users on organizations\’ issues, we help instill a sense of responsibility regarding cyber security, which can aid in response. With cybersecurity receiving support from leadership along with a cultural implementation within your organization, security professionals may be able to worry just a little less.</p>

Last edited 2 years ago by Josh Brewton

Recent Posts

1
0
Would love your thoughts, please comment.x
()
x