In-depth

Three reasons why cyber threat detection is still ineffective

Why 75% of organisations are dissatisfied with their ability to investigate threats

Cyber crime

Three in four organisations are dissatisfied with their current ability to detect and investigate threats using their current data and tools, new research has found.

Consequently, IT security departments are frantically searching for fresh ways to overcome problems with visibility, siloed data and consistency, according to security firm RSA, which surveyed 160 organisations of varying sizes.

From investment imbalance to fragmented data collection methods, there are many complicated and nuanced reasons companies are less equipped to deal with threats once they move past the prevention stage, and fewer and fewer security leaders feel completely confident in their ability to detect attacks with the desired speed and agility.

Below we cover the three major reasons organisations like yours are struggling to detect and fight cyber security breaches effectively.

Too much focus on prevention

This might seem like an odd one, given that we've always been taught that prevention is the best way to protect ourselves in most areas of life, for instance, knowing to eat well and exercise to prevent falling ill, rather than fighting illness later on. However, when it comes to cyber security, it's important to also invest significantly in detection and response for times when threats succeed in infiltrating your business.

RSA found the average allocation of security budgets is unevenly split between the three main areas, with 47% going to prevention versus 25% to detection and 28% to response. This leaves companies vulnerable to attack, and means attacks become more likely to succeed past a certain point.

Not collecting valuable data

Data collection is the key here, but too many organisations are still overlooking some of the most valuable information at their disposal. RSA's survey also discovered that while 88% of companies collect data from network perimeter infrastructure, far fewer respondents utilise sources such as endpoints (59%), identity and access management systems (55%) and network packet/flow (49%).

By far the most surprising result showed just 27% of companies were reporting the use of data from cloud-based apps and infrastructure to help detect threats. What's more, those that do use a wider range of data saw far more value in specific sources than those that don't. For example, companies collecting identity management systems data saw 77% more value in it than those overlooking it in their strategies.

Integration is also an issue, with just 21% claiming to have fulling integrated this data, while 79% are left with partial integration or no integration at all.

Low adoption for most effective techniques

Security is a uniquely fast-moving world, and organisations must think ever faster in order to keep up. Technologies for both detection and investigation into threats are vast, but many of the most effective tools - such as automation and analytics - suffer from low adoption and are thus underutilised by the industry.

More than 60 per cent of businesses deploy SIEM, but slightly newer detection methods such as user behaviour analytics still haven't gained as much traction as they should. However, when asked about future investment, organisations cited this as their top priority moving forwards with 32 per cent planning to introduce it within the next year - totalling 62 per cent.

Investment into new and more efficient technologies must be prioritised by businesses if they are to gain more visibility and improve detection and response. Automation can make this much easier and more cost-effective, and investment into behavioural analytics will accelerate this further.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Security best practices for PostgreSQL

Securing data with PostgreSQL

Download now

Transform your MSP business into a money-making machine

Benefits and challenges of a recurring revenue model

Download now

The care and feeding of cloud

How to support cloud infrastructure post-migration

Watch now

Recommended

How to encrypt files and folders in Windows 10
encryption

How to encrypt files and folders in Windows 10

9 Apr 2021
The definitive guide to IT security
Whitepaper

The definitive guide to IT security

9 Apr 2021
Evidence suggests REvil behind Harris Federation ransomware attack
ransomware

Evidence suggests REvil behind Harris Federation ransomware attack

9 Apr 2021
Fujitsu taps Trend Micro to secure private 5G networks in smart factories
5G

Fujitsu taps Trend Micro to secure private 5G networks in smart factories

8 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
Data belonging to 500 million LinkedIn users found for sale on hacker marketplace
hacking

Data belonging to 500 million LinkedIn users found for sale on hacker marketplace

8 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021