Three reasons why cyber threat detection is still ineffective

Why 75% of organisations are dissatisfied with their ability to investigate threats

Three in four organisations are dissatisfied with their ability to detect and investigate threats using their current data and tools, new research has found.

Consequently, IT security departments are frantically searching for fresh ways to overcome problems with visibility, siloed data and consistency, according to security firm RSA, which surveyed 160 organisations of varying sizes.

From investment imbalance to fragmented data collection methods, there are many complicated and nuanced reasons companies are less equipped to deal with threats once they move past the prevention stage, and fewer and fewer security leaders feel completely confident in their ability to detect attacks with the desired speed and agility.

Below we cover the three major reasons organisations like yours are struggling to detect and fight cyber security breaches effectively.

Too much focus on prevention

This might seem like an odd one, given that we've always been taught that prevention is the best way to protect ourselves in most areas of life, for instance, knowing to eat well and exercise to prevent falling ill, rather than fighting illness later on. However, when it comes to cyber security, it's important to also invest significantly in detection and response for times when threats succeed in infiltrating your business.

RSA found the average allocation of security budgets is unevenly split between the three main areas, with 47% going to prevention versus 25% to detection and 28% to response. This leaves companies vulnerable to attack, and means attacks become more likely to succeed past a certain point.

Not collecting valuable data

Data collection is the key here, but too many organisations are still overlooking some of the most valuable information at their disposal. RSA's survey also discovered that while 88% of companies collect data from network perimeter infrastructure, far fewer respondents utilise sources such as endpoints (59%), identity and access management systems (55%) and network packet/flow (49%).

By far the most surprising result showed just 27% of companies were reporting the use of data from cloud-based apps and infrastructure to help detect threats. What's more, those that do use a wider range of data saw far more value in specific sources than those that don't. For example, companies collecting identity management systems data saw 77% more value in it than those overlooking it in their strategies.

Integration is also an issue, with just 21% claiming to have fully integrated this data, while 79% are left with partial integration or no integration at all.

Low adoption for most effective techniques

Security is a uniquely fast-moving world, and organisations must think ever faster in order to keep up. Technologies for both detection and investigation into threats are vast, but many of the most effective tools - such as automation and analytics - suffer from low adoption and are thus underutilised by the industry.

More than 60 per cent of businesses deploy SIEM, but slightly newer detection methods such as user behaviour analytics still haven't gained as much traction as they should. However, when asked about future investment, organisations cited this as their top priority moving forwards with 32 per cent planning to introduce it within the next year - totalling 62 per cent.

Investment into new and more efficient technologies must be prioritised by businesses if they are to gain more visibility and improve detection and response. Automation can make this much easier and more cost-effective, and investment into behavioural analytics will accelerate this further.
