IT professionals ‘overconfident in cyber attack detection’: study
- Published: Tuesday, 16 February 2016 09:01
Tripwire, Inc., has published the results of an extensive study conducted by Dimensional Research on its behalf. The study evaluated the confidence of IT professionals regarding the efficacy of seven key security controls that must be in place to quickly detect a cyber attack in progress. Study respondents included 763 IT professionals from retail, energy, financial services and public sector organizations in the US.
The majority of the respondents displayed high levels of confidence in their ability to detect a data breach even though they were unsure how long it would take automated tools to discover key indicators of compromise. For example, when asked how long it would take automated tools to detect unauthorized configuration changes to an endpoint on their organizations’ networks, 67 percent only had a general idea, were unsure or did not use automated tools. However, when asked how long it would take to detect a configuration change to an endpoint on their organizations’ networks, 71 percent believed it would happen within minutes or hours. Configuration changes are a hallmark of malicious covert activity.
Additional study findings include:
- 48 percent of energy and health care respondents said they had the lowest percentage of successful patches in a typical patch cycle, with a success rate of less than 80 percent.
- Nearly two-thirds (62 percent) of respondents were unsure how long it would take for automated tools to generate an alert if they detected an unauthorized device on the network, while 87 percent believed it would happen within hours.
- Nearly half (48 percent) of respondents working for federal government organizations said not all detected vulnerabilities are remediated within 15 to 30 days.
- 42 percent of midmarket organizations do not detect all attempts to access files on local systems or network-accessible file shares by users who do not have the appropriate privileges.
- 61 percent of respondents working in the financial services sector said their automated tools do not pick up all the information necessary to identify the locations, departments and other critical details about unauthorized configuration changes to endpoint devices.
- Only 23 percent of respondents said that 90 percent of the hardware assets on their organizations’ networks are automatically discovered.
The study is based on seven key security controls required by a wide variety of security regulations, including PCI DSS, SOX, NERC CIP, MAS TRM, NIST 800-53 and IRS 1075.More information on the study.