Detection and remediation capabilities still need work at most organizations: fewer than half of the organizations in a LogRhythm benchmark survey were able to detect a major cybersecurity incident within one hour. Even more concerning, more than two-thirds said that even if they did detect a major incident, they would be unable to contain it within that same time frame.
The study surveyed 751 IT decision makers from the US, UK and Asia-Pacific and found that there are many factors that enable a security team to quickly detect and respond to an incident, including technology, process, programs and people.
When it comes to technology, a strong majority (nearly 80%) of IT executives said that a platform for security management, analysis and response is beneficial, though only about a third rate such a platform as “very” beneficial. This response may reinforce the notion that true security confidence cannot be created with technology alone.
When asked to consider how their organization is operating from a threat lifecycle management (TLM) perspective – as an approach that includes discovery, qualification, neutralization and recovery from cyber-attacks – IT executives were not overly optimistic. About a third of all respondents reported that they need help at virtually all stages in the TLM workflow, especially detecting, investigating, neutralizing and recovering from cyber-threats.
“Cyber-threats continue to grow in volume and intensity. Seemingly every month, another massive security breach dominates the headlines,” said Matt Winter, VP of marketing and business development at LogRhythm. “To combat these threats, organizations need to carefully plan their budgets and strategies while developing effective programs that tackle specific threats and keep them one step ahead of cyber-attackers.”
The survey also uncovered that many companies are focused on growing their security maturity, and team size is an important indicator. On average, companies employ 12 cybersecurity professionals in their organization. However, more than half of the respondents said that they employ 10 or fewer.
Special threat detection programs are another indicator of security maturity. The study found that most decision makers – more than 70% of respondents – have programs in place to detect specific threats, such as ransomware, insider or employee threats, and denial of service (DoS) attacks. The vast majority of IT decision makers (95%) also use security software to prevent and react to threats, and more than a quarter deploy at least 10 security software solutions to manage security threats.
As a result of all of this, a majority of organizations are only moderately confident in their ability to protect their companies against hackers. About half of security decision makers believe that a determined hacker can still breach their organization. In fact, over one-third reported that their company has experienced a breach in the past year – ranging from 29% in the United States to 39% in the Asia-Pacific region.
When asked specifically about their level of confidence, these decision makers reported only moderate confidence in their cybersecurity measures and abilities, suggesting an attitude that is more hopeful than truly confident.
Similarly, most IT executives (over 60%) are only somewhat confident that their security software can detect all major breaches. Likewise, they are only moderately confident that they can protect their companies from hackers.
The level of confidence in one’s security is also swayed by other variables, such as the implementation of programs that target specific types of threats. For instance, decision makers who did not report having programs to protect against threats such as ransomware, insider threats and denial of service attacks are less confident in their security programs. Unsurprisingly, that same segment reported slower rates of detection, response and containment.