Enterprise Complexity Requires New Security Approaches

Quick detection of a cyber-attack can lead to double-digit reductions in business impact from the incident. But businesses need to re-architect their security platforms in order to get there.

New insight detailed in a report from Aberdeen Group reveals that doubling detection and response speed to cyber-attacks produces a median reduction of 70% in impact on the availability of enterprise computing infrastructure. And improvements to detection and response speed following a data breach produce a median reduction of 30% in impact on the business, compared to the status quo.

The findings help contextualize the current cybersecurity climate, which McKinsey and the World Economic Forum have previously described as one where 60% of technology executives agree the sophistication as well as the pace of attacks will increase faster than the ability of institutions to defend themselves.

The report also consolidates existing research from Aberdeen Group, which found that two out of five (39%) organizations are moving from a traditional, PC-oriented computing environment toward an increasingly mobile-first infrastructure, and half (49%) of all respondents have already invested in connected devices (IoT) initiatives. Also, today’s virtualization and cloud computing initiatives typically involve 336 products from 57 vendors, resulting in more than 1.6 billion permutations in the simple six-layer stack. The report describes a dynamic infrastructure, which includes a mix of traditional servers, private clouds and public clouds as the new normal, and notes that its complexity means that using prevention-led methods cannot be successful 100% of the time.

“Criminals are gaining access to our networks regardless of how much money has been spent on perimeter defenses,” said Kirsten Bay, president and CEO of Cyber adAPT, which sponsored the report. “The unique, new insights released today demonstrate the pressing need for CISOs to be able to quickly detect these inevitable breaches and act upon them immediately, if they are to limit the impact.”

This has all led to fragmentation on the security front. For instance, in Aberdeen Group’s study of 3,000 current network firewall installations, nearly half (46%) of all organizations were dealing with multiple sites and/or multiple firewall vendors. And, in an analysis of nearly 11,000 security monitoring and analytics installations, two-thirds of CISOs are taking a tools-based approach to cybersecurity, installing a single product at a single site. The remaining third of installations typified a platform approach.

“Today’s enterprise computing infrastructure is increasingly digital, edgeless and hybrid,” Bay said. “With a vast number of firewall installations and other security tools to manage, the data demonstrates that a strategy focused on prevention alone is no longer enough—detecting anomalies and defending this blurred perimeter is simply beyond human capability.”

The report recommended that CISOs make the business case for how faster detection, effective response, and rapid recovery reduce the impact of attacks.

“Our report shows that in securing increasingly complex computing infrastructures CISOs have a bastion of tools at their disposal,” said Derek Brink, vice president and research fellow at Aberdeen Group and author of the report. “But this has only served to deliver an onslaught of alerts, which take time to filter. To regain their time advantage against attackers, CISOs need a single platform, which integrates data from multiple sources and offers optimized visibility into a rapidly changing threat landscape. This will allow them to detect threats in real-time and respond before attackers compromise information and remove access to vital infrastructure.”