The majority of organizations are still reacting to information security breaches rather than taking proactive measures
- Published: Wednesday, 24 February 2016 09:44
Carbon Black has published the findings of a new CIO survey into current approaches to breach detection and response. The survey found that 82 percent of CIOs are under increasing pressure from the business to prevent, detect and respond to security incidents faster. However, over a quarter (28 percent) are ‘not concerned’ that if they were breached it would take a long time to find out it had happened, or worse that they may be breached without realising. In addition, 85 percent admit that, despite their best intentions, they are failing to take a proactive approach to hunting out threats. Instead, they are reactively dealing with threats as and when a breach is uncovered.
The survey also uncovered a disconnect between CIOs’ expectations of threat discovery and response, and reality. According to research from the Ponemon Institute, it takes on average 258 days to detect a breach and a further 100-120 days to remediate the threat after an attack. Yet those surveyed believe it would take an average of two months to uncover a breach. Over a quarter (26 percent) claimed they would be able to uncover a breach in less than two weeks, 15 percent in less than a month, 18 percent in less than three months, while 14 percent believe it would take up to six months. As previously mentioned, a further 28 percent said they were not concerned about the length of time it would take them to uncover a breach. Additionally, over half (52 percent) believe that if they were to suffer a breach today, they would be 100 percent confident in knowing, within 24 hours, what systems and data had been affected and how.
Ben Johnson, chief security strategist for Carbon Black, comments: “When you look at these results, something really doesn’t add up. On the one hand, companies are operating from a reactive security posture and tending to symptoms, rather than causes. Yet they still believe they can detect threats much faster than the industry average, even though they are not actively seeking them out. Hackers today are determined, sophisticated, and well-funded – sitting and waiting for them to make a mistake and expose themselves is not an effective strategy. However, many security teams are flying blind, unable to prioritise threats because of the huge volumes of alerts they receive. Companies need to automate processes where possible to free up security teams’ time to hunt threats and disrupt hackers during an attack, rather than just picking up the pieces in the aftermath.”
The survey also looked at the ways in which security teams are using technology to be alerted to threats and found that many of the tools that businesses are relying on are not equipped to deal with the new range of attacks facing organizations. While firewalls (94 percent) and AV (90 percent) are almost ubiquitous, and two-thirds of companies are using encryption (64 percent) or intrusion detection systems (62 percent), less than half of organizations (44 percent) have advanced endpoint protection in place. In addition, most businesses are hampered by the fact they are only aware of attacks in their immediate environment, with no perspective of what is happening in the broader market. As a result, 89 percent of CIOs think that security vendors need to collaborate more to provide contextual information about the threats they face.
Johnson continues: “Digital businesses are more open and accessible than ever before, as we are all constantly connected to the Internet. As such, our security perimeter is no longer the network, but the endpoints we use to connect – which are multiplying in number and range every day. However, while the nature of the threats we face is changing, our approach to security is yet to catch up. AV cannot protect the endpoint against zero-day attacks; IDS will not prevent a malicious file from executing on a laptop. Not only are CIOs not using the right tools, but they also have no visibility outside their own environment – they’re not asking themselves: has anyone else had this problem? If so, how did they resolve it? The next generation of security needs to use collective intelligence of thousands of users, share knowledge and patterns of attack behaviours across a community. We all have the same goal, to hit back against the bad guys, so we need to unite to do this more effectively.”
The survey of 200 CIOs at UK businesses across multiple industry sectors and with more than 1,000 employees was commissioned by Carbon Black and conducted by independent research firm Vanson Bourne in January 2016.