
Three reasons why cyber threat detection is still ineffective

Why 75% of organisations are dissatisfied with their ability to investigate threats


Three in four organisations are dissatisfied with their ability to detect and investigate threats using their current data and tools, new research has found.

Consequently, IT security departments are frantically searching for fresh ways to overcome problems with visibility, siloed data and consistency, according to security firm RSA, which surveyed 160 organisations of varying sizes.

From investment imbalance to fragmented data collection methods, there are many complicated and nuanced reasons companies are less equipped to deal with threats once they move past the prevention stage, and fewer and fewer security leaders feel completely confident in their ability to detect attacks with the desired speed and agility.

Below we cover the three major reasons organisations like yours are struggling to detect and fight cyber security breaches effectively.

Too much focus on prevention

This might seem like an odd one, given that we've always been taught that prevention is the best way to protect ourselves in most areas of life: eating well and exercising to avoid falling ill, for instance, rather than fighting illness later on. However, when it comes to cyber security, it's important to also invest significantly in detection and response for times when threats succeed in infiltrating your business.

RSA found the average allocation of security budgets is unevenly split between the three main areas, with 47% going to prevention versus 25% to detection and 28% to response. This leaves companies vulnerable to attack, and means attacks become more likely to succeed past a certain point.

Not collecting valuable data

Data collection is the key here, but too many organisations are still overlooking some of the most valuable information at their disposal. RSA's survey also discovered that while 88% of companies collect data from network perimeter infrastructure, far fewer respondents utilise sources such as endpoints (59%), identity and access management systems (55%) and network packet/flow (49%).

By far the most surprising result showed just 27% of companies were reporting the use of data from cloud-based apps and infrastructure to help detect threats. What's more, those that do use a wider range of data saw far more value in specific sources than those that don't. For example, companies collecting identity management systems data saw 77% more value in it than those overlooking it in their strategies.

Integration is also an issue, with just 21% claiming to have fully integrated this data, while 79% are left with partial integration or no integration at all.

Low adoption for most effective techniques

Security is a uniquely fast-moving world, and organisations must think ever faster in order to keep up. The range of technologies for both detecting and investigating threats is vast, but many of the most effective tools - such as automation and analytics - suffer from low adoption and are thus underutilised by the industry.

More than 60 per cent of businesses deploy SIEM, but slightly newer detection methods such as user behaviour analytics still haven't gained as much traction as they should. However, when asked about future investment, organisations cited this as their top priority moving forwards with 32 per cent planning to introduce it within the next year - totalling 62 per cent.

Investment into new and more efficient technologies must be prioritised by businesses if they are to gain more visibility and improve detection and response. Automation can make this much easier and more cost-effective, and investment into behavioural analytics will accelerate this further.
