Data theft is a primary concern for IT decision makers, ahead of ransomware attacks, according to a survey conducted by Integrity 360.
The company has also recently inaugurated a new security operations center in Dublin, Ireland.
Speaking to Infosecurity Brian Martin, head of product development, innovation and strategy at Integrity360, said: “We were expecting ransomware to be number one, but it turns out, amongst the surveyed population, that data theft came out quite significantly on top.”
The company surveyed 205 IT security decision maker between August 9-14, 2023 from various verticals, organization size and across different roles within cybersecurity. Over half of the respondents (55%) cited data theft as the biggest concern, with ransomware taking third place (29%) after phishing (35%).
On further breakdown of the findings, CIOs (30%) and CTOs (33%) surveyed also ranked advanced persistent threats (APTs) and targeted attacks as a bigger concern than ransomware.
Nation-State Threats a Concern
Martin said: “Most APT attacks are targeted and they're pretty well-crafted, stealthy and generally well- resourced, possibly state-sponsored.”
He noted that these qualities mean that APTs are particularly difficult for cybersecurity practitioners to detect and defend against.
Martin cautioned, however, that before organizations worry about advanced threats they ought to ensure that they have basic cybersecurity hygiene in place.
“APTs aren’t completely discriminate about who they attack, historically they tended to focus on critical national infrastructure or financial institutions hosting sensitive information and intellectual property. If you’re not in that category, yes you should worry about targeted attacks, but APTs wouldn’t be the number one priority,” Martin explained.
There was also a divide between the members of the industry who were concerned about APT attacks with Martin explaining that senior leaders seemed more concerned than security analysts working on the ground day-to-day.
Other findings included 89% of respondents reporting an increase in the volume of security alerts over the past 12 months.
Ireland’s New Security Operations Center
The company also recently inaugurated a new security operations center (SOC) at its location in Dublin following a €8m investment.
The purpose-built facility will expand the company’s pan-European network of SOCs located in Sofia, Stockholm and Naples. The Sandyford facility in Dublin will be the group’s largest SOC utilizing the latest technology and secure biometrics systems.
Minister for Enterprise, Trade and Employment, Simon Coveney attended the opening of the new SOC and noted the cybersecurity challenges Ireland has faced with, including the notorious HSE attack of 2021 which took Ireland’s healthcare system offline following a ransomware attack. Coveney commented that the government’s partnership with companies like Integrity 360 is important so the nation does not see a repeat of the 2021 incident.
What Happens in the SOC?
Integrity 360 outlines some of the elements and operations anyone could expect to find in a SOC.
- Firewall services: Perimeter defenses of a company network.
- Threat vulnerability management: Scanning of a customer’s network and examining patching levels then highlighting critical vulnerabilities.
- Incident response management: Access to malware experts who can add the decision-making perspective, proprietary tools and proven methodologies to respond quickly when an incident does occur.
- Managed detection and response (MDR): Rapid response and containment of threats that have bypassed preventative controls across networks, endpoints and cloud, hence delivering improved security outcomes for clients.
Of the alerts the SOC receives, 95% are dealt with by Integrity 360 staff without the need to notify the customer. Currently, the company deals with around 22,000 tickets per month from 600,000 indicators. Alerts are acknowledged within 15 minutes.