The majority of European companies are failing to prepare themselves for the next cyber-attack, according to new research from operational intelligence software platform provider Splunk.
The IDC survey of 400 large organizations in the UK, France, Germany, Sweden and the Netherlands found that an overreliance on outdated security technologies is putting firms at risk, whilst they also lack the approaches and mindset to detect breaches once they occur.
Detecting and Responding to the Accidental Breach: The Impact of the Hapless User revealed that although threats from within an organization – often a result of malicious insiders or ‘hapless users’ – are still one of the prime causes of security breaches, they are poorly understood by companies.
As a result, most organizations are more concerned about threat types such as viruses (67%), APTs (42%), phishing (28%) and poor user security practices (27%), all of which are often caused by staff who unintentionally allow their valid credentials or trusted access to be hijacked, with Splunk arguing that companies are looking in the wrong places to detect attacks and avoid breaches.
This is highlighted further by the fact that almost all respondents recognize the importance of using firewalls (98%) and anti-virus (96%) designed to protect a traditional network-based perimeter, but just 15% see the need to back such methods up with security analytics or user behavior analytics (12%) to detect breaches after they occur. What’s more, less than half (41%) of respondents have either a dedicated internal incident response team or a security operations center (34%) in place.
Speaking to Infosecurity Ben Johnson, chief security strategist for Carbon Black argued that the network perimeter is dead, so simply relying on traditional perimeter-based security solutions will leave an organization vulnerable to virtually any advanced attack.
“Attackers are no longer working in a vacuum. It is time for us to stop defending in one. Understanding an attacker’s behavior patterns via analytics is a huge step in understanding the underlying cause of attacks. Forward-thinking security teams are, of course, defending the perimeter, but not in isolation. They are constantly leveraging computational power through automation and analytics to compensate for the mismatch between security events and number of people to analyze them. This game is won at a much deeper level than the perimeter,” he said.
Piers Wilson, head of product management at Huntsman Security expressed a similar view, explaining that a crucial component of a more holistic, real-time analytics-driven approach to threat detection and response is the ability to recognize the risk across the business.
“While security teams will recognize the threat a breach presents,” he said, “it’s also vital that the rest of the organization is also able to understand the danger so they can take the appropriate action. This means being able to represent risks in a way that other areas of the business understand.
“For instance, the CFO will be more moved by the risk that payment systems will have to be shut down for an unspecified length of time, preventing the business from gathering revenue, than a poorly-understood risk to a non-specific server cluster. If the whole of the business understands the threats it faces, and the potential consequences, then it will be easier to take action.”