Organisations are getting much better at stopping cyber-attacks, but still suffered on average 30 security breaches last year, causing damage or data loss, according to Accenture. It found that 87% are now preventing “focused” attacks, up from 70% last year, but that still leaves 13% of online raids penetrating defenses. Dr Anton Grashion, Managing Director, Security Practice at Cylance, commented below.
Dr Anton Grashion, Managing Director, Security Practice at Cylance:
Q. What surprises you the most about the findings from this research?
A. The most surprising finding is the increase in detection rates. We routinely find malicious code residing in organisations that has had a dwell time in hundreds of days and indeed data in the latest Verizon DBIR points to discovery being closer to months rather than under a month. Having said that, organisations are probably getting better at detection but unfortunately often at the expense of at first preventing them. It is often a case of too little too late to rely on a detect and respond strategy in today’s threat landscape. The report also points out that investment in new technologies is lagging behind the assumed improvements they can deliver. Now this isn’t surprising as AI and machine learning have created a bandwagon effect that has seen vendors scrambling to claim that they have AI/ML. Checking out the claims can be time-consuming and often descends into arguments about the semantic use of terminology rather than an examination of fundamental data science credentials or even testing the claims for themselves.
Q. What advice would you give to organisations to avoid being breached?
A. Start with a robust predictive prevention strategy. The more you can stop before you need to start looking for indicators of compromise fundamentally changes the economics of cybersecurity. Detection and response is undeniably necessary but never has it been more true that an ounce of prevention is worth a pound of cure.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.