A new survey has revealed a worrying trend in the security arena, with a third of security professionals lack effective intelligence to detect and action cyber threats.
The survey, from Anomali – market leaders in threat intelligence platforms, also shows that almost a quarter believe they are over a year behind the average threat actor, and half of this admitting to two-five years behind.
The worrying information confirms that many organisations are not adequately mitigating cyber risks, despite detection and response being cited as the top security priority.
Results from the survey show:
- Almost one in five (17%) of respondents haven’t invested in any threat detection tools such as SIEM, paid or open threat feeds, or User and Entity Behaviour Analytics (UEBA)
- Two-thirds of respondents maintain fewer than 200 days of log data online for analysis/forensics, despite hackers often lurking undetected for this length of time
- 80% of security professionals do not consult historical logs on a daily basis to investigate past exposure to threats
- Only 13% compare historical logs with threat feeds/indicators of compromise daily
It shows that organisations not only struggle to detect malicious activity at the earliest stage of a breach, but do not learn from past exposures, which leaves numerous vulnerabilities undiscovered.
Organisations need to be educated that cyber attacks are not ‘lucky shots’ but deliberately planned and executed over time, with cyber criminals lurking undetected inside enterprises’ IT systems for 200 days or more before discovery.
While lurking in the background, attackers can gain access inside the network, escalate privileges, search for high value information, and ultimately exfiltrate data or perform other malicious activities. However, the survey shows just 20% consult past logs daily.
“The ‘200 day problem’ arises from the fact that logs are produced in such massive quantities that typically only 30 days are retained and running searches over long time ranges can take hours or even days to complete,” says Jamie Stone, Vice President, EMEA at Anomali. “Detecting a compromise at the earliest stage possible can identify suspicious or malicious traffic before it penetrates the network or causes harm. It’s imperative to invest in technologies security teams can use to centralise and automate threat detection, not just daily but against historical data as well.”
“Organisations must wake up to the daily reality of cyber-attacks and start viewing security as a business enabler that can support and add value to the business as it transforms and innovates. It’s all too common that IT purchase decisions are driven solely by budget rather than need. Implementing the bare minimum is not an option, bolstering cyber security postures must be prioritised. Solutions such as a threat intelligence platform will enable organisations to proactively detect and respond to the modern cyber adversary,” continued Mr Stone.
If you would like to join our community and read more articles like this then please click here
Cyber cyber attacks cyber security cyber threat
Post written by: Vicky Maggiani
Vicky has worked in media for over 20 years and has a wealth of experience in editing and creating copy for a variety of sectors.
RELATED ARTICLES
November 19, 2024
OSINT Technology advances are just what the UKs hard-pressed defence sector needs
Open-source intelligence (OSINT) is now critical to defence and national security, but the sheer volume of available online multi-media data
October 21, 2024
International opportunities abound
How defence contractors benefit from increased defence spend and strategic cross-border initiatives, article submitted by Richard Tall, Hans Mehrens,
