In-depth

Three reasons why cyber threat detection is still ineffective

Why 75% of organisations are dissatisfied with their ability to investigate threats

Cyber crime

Three in four organisations are dissatisfied with their current ability to detect and investigate threats using their current data and tools, new research has found.

Consequently, IT security departments are frantically searching for fresh ways to overcome problems with visibility, siloed data and consistency, according to security firm RSA, which surveyed 160 organisations of varying sizes.

From investment imbalance to fragmented data collection methods, there are many complicated and nuanced reasons companies are less equipped to deal with threats once they move past the prevention stage, and fewer and fewer security leaders feel completely confident in their ability to detect attacks with the desired speed and agility.

Below we cover the three major reasons organisations like yours are struggling to detect and fight cyber security breaches effectively.

Too much focus on prevention

This might seem like an odd one, given that we've always been taught that prevention is the best way to protect ourselves in most areas of life, for instance, knowing to eat well and exercise to prevent falling ill, rather than fighting illness later on. However, when it comes to cyber security, it's important to also invest significantly in detection and response for times when threats succeed in infiltrating your business.

Advertisement
Advertisement - Article continues below

RSA found the average allocation of security budgets is unevenly split between the three main areas, with 47% going to prevention versus 25% to detection and 28% to response. This leaves companies vulnerable to attack, and means attacks become more likely to succeed past a certain point.

Not collecting valuable data

Data collection is the key here, but too many organisations are still overlooking some of the most valuable information at their disposal. RSA's survey also discovered that while 88% of companies collect data from network perimeter infrastructure, far fewer respondents utilise sources such as endpoints (59%), identity and access management systems (55%) and network packet/flow (49%).

By far the most surprising result showed just 27% of companies were reporting the use of data from cloud-based apps and infrastructure to help detect threats. What's more, those that do use a wider range of data saw far more value in specific sources than those that don't. For example, companies collecting identity management systems data saw 77% more value in it than those overlooking it in their strategies.

Integration is also an issue, with just 21% claiming to have fulling integrated this data, while 79% are left with partial integration or no integration at all.

Low adoption for most effective techniques

Security is a uniquely fast-moving world, and organisations must think ever faster in order to keep up. Technologies for both detection and investigation into threats are vast, but many of the most effective tools - such as automation and analytics - suffer from low adoption and are thus underutilised by the industry.

More than 60 per cent of businesses deploy SIEM, but slightly newer detection methods such as user behaviour analytics still haven't gained as much traction as they should. However, when asked about future investment, organisations cited this as their top priority moving forwards with 32 per cent planning to introduce it within the next year - totalling 62 per cent.

Investment into new and more efficient technologies must be prioritised by businesses if they are to gain more visibility and improve detection and response. Automation can make this much easier and more cost-effective, and investment into behavioural analytics will accelerate this further.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/operating-systems/microsoft-windows/354297/this-exploit-could-give-users-free-windows-7-updates
Microsoft Windows

This exploit could give users free Windows 7 updates beyond 2020

9 Dec 2019
Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019