Half of IT security practitioners in the US view their organization as an unlikely target for attack—even though the reality is that all organizations are at risk indiscriminately.
According to a report from the Ponemon Institute, this largely positive outlook could be contributing to a lack of cyber-preparedness as 61% of respondents admitted a lack of confidence in their organization’s ability to detect advanced threats.
“This research reveals some major disconnects that IT professionals seem to have between perception and reality,” said Larry Ponemon, chairman and founder of the Ponemon Institute. “While even circumstantial evidence points to the increasing volume and severity of cyber-threats, it’s shocking to learn that half of security pros don’t even view themselves as a target. We’re also seeing discrepancies in the way teams are viewing and reacting to advanced persistent threats. Overall, they’re not confident in their ability to detect advanced threats, but they’re not doing much about it. It’s clear that new solutions are needed.”
When asked what type of cyberattacks cause the greatest concern, the most common answer by far was advanced persistent threats (67%), followed by zero-day attacks (57%) and login attacks (37%).
Despite this high level of concern and a lack of confidence in their ability to detect advanced threats, respondents expressed a surprising disconnect in their urgency to make changes that would address these issues. When asked how their use of advanced threat detection technologies would change 12 months from now, 49% said their usage would either not change (43%) or decrease (6%).
And only 36% of respondents are using security analytics, even though 90% believe security analytics is either essential (19%), very important (45%) or important (26%) to their organization’s ability to maintain strong security.
“These results show that organizations are moving slowly to adopt security analytics technology as part of their advanced threat detection programs,” said Mark Jaffe, CEO of Prelert, which sponsored the report. “Most established security vendors have been slow to embrace analytics as part of their advanced threat detection offerings, which might lead some to assume that the technology is immature.”
However, he added, “much like how voice recognition technology has advanced rapidly in the past few years, so has machine-learning based security analytics technology. Organizations should be adding this effective capability to their advanced threat detection programs sooner rather than later.”