Confidence Wanes in Enterprise Ability to Detect a Network Attack

It’s no secret that cyber-attacks are escalating in scale, frequency and complexity—and IT departments are starting to doubt their ability to stave off a compromise. In fact, a full 48% of IT security professionals have admitted they are not confident that they could detect an attacker attempting to breach their network, according to a new survey from Lieberman Software.

The survey also revealed that respondents are finding it more difficult to cope with cyber-attacks today than a year ago. When Lieberman Software conducted a similar survey at Black Hat 2013, the majority of respondents (57%) revealed they were confident that their organization's security products and processes could keep up with new and emerging security threats. However, in the 2014 study, this figure dropped significantly, to only 41%. Meanwhile, 44% said that they do not have confidence, and 15% were unsure.

“The latest targeted cyber-attacks on government organizations and high-profile companies show the need for better awareness and responsiveness in cybersecurity,” said Philip Lieberman, CEO of Lieberman Software, in the report. “Organizations should no longer be solely dependent on perimeter security products, like firewalls and intrusion detection, to protect their systems. Today they need IT staff who are better trained to identify potential attacks, and interior security solutions that can restrict lateral movement in the network when attacks do manage to penetrate the perimeter.”

Other findings from the survey showed that 59% of respondents believe a state-sponsored attack will attempt to breach their organization in the next six months. More startling, among those fearful of state-sponsored attacks, 44% confess that they could not detect the presence of an attacker attempting to penetrate their network to access sensitive data.

However, last year, 52% of those surveyed were not confident in their organization’s ability to detect state-sponsored attacks, suggesting that more IT groups took proactive measures in this regard over the past year.

“Despite these findings the reality is that most organizations—whether in finance, retail or other highly targeted industries—really have minimal protection against sophisticated nation-state attacks,” Lieberman said. “The lesson to be learned is that organizations need to up their cybersecurity game and move from off-the-shelf security tools to much more advanced military-grade security. Too many organizations are simply focused on obtaining passing grades from security auditors, but fail to place enough emphasis on the real and constant advanced persistent threats from the outside.”
