Research reveals IT leaders’ scrutiny towards ‘prevention-centric’ security strategies and solutions
Vectra AI, a leader in AI-driven threat detection and response for hybrid and multi-cloud enterprises, today released the findings of its latest Security Leaders Research Report. The global research study, which surveyed 1,800 global IT security decision-makers at companies with over 1,000 employees, revealed that, from February 2021 to February 2022, 74 percent of respondents experienced a significant security event within their organization that required an incident response effort.
This alarming statistic comes as cyber threats increase and security and IT teams face mounting expectations to keep their organizations protected from such threats. 92 percent of survey respondents stated that they had felt increased pressure to keep their organization safe from cyberattacks over the past year.
The report unearths that the security industry still fails to keep pace with evolving cybercrime tactics, techniques, and procedures (TTPs). Legacy ‘prevention-centric’ security strategies and solutions, which fail to comprehend the complexities of modern attacker behavior, remain prominent, leaving organizations open and exposed to a potential breach. Key findings of the research include:
- 83 percent believe that traditional approaches do not protect against modern threats and that we need to change the game when it comes to dealing with attackers
- 79 percent of security decision-makers have bought tools that have failed on at least one occasion – citing poor integration, failure to detect modern attacks, and lack of visibility as reasons
- Nearly 3 out of 4 (72 percent) think that they may have been breached and don’t know about it— 43 percent believe that this is “likely”
- 83 percent say that the board’s security decisions are influenced by existing relationships with legacy security and IT vendors
- 87 percent of respondents state that recent high-profile attacks have meant that boards are starting to take proper notice of cybersecurity
“While organizations should certainly try to make life as difficult as possible for an attacker, prevention should not come at the expense of detection,” said Tim Wade, Deputy Chief Technology Officer at Vectra. “If a threat actor successfully gains access to a corporate device or network, there are still several stages of the attack chain that they need to complete before reaching their target. In a high-risk game where the bad guys hold many winning cards, detection and response is the best option to minimize the impact of any breach as quickly as possible.”
In addition to the more than eight-in-ten (83 percent) of respondents that acknowledged that legacy approaches don’t protect against modern threats, 71 percent think that cyber-criminals are leapfrogging current tools and that security innovation is years behind that of the hackers. A further 71 percent feel that security guidelines, policies and tools are failing to keep pace with threat actor TTPs. The ongoing cybersecurity skills shortage was also cited as an obstacle for moving away from legacy security strategies with 50 percent stating that they could use more security talent on their team.
“Digital transformation and IT modernization initiatives are driving change at an ever-increasing pace. Yet, companies are not the only one’s innovating. Cybercriminals are too,” added Wade. Organizations need security leaders who can speak the language of business risk and boards that are prepared to listen. But, most importantly, organizations need a technology strategy based around an understanding that it’s ‘not if but when’ they are breached.”
For more such updates and perspectives around Digital Innovation, IoT, Data Infrastructure, AI & Cybersecurity, go to AI-Techpark.com.
