IT professionals in the United States believe they are able to detect a cyberattack when it occurs, thanks to newly deployed cybersecurity technologies, but the indicators of a cyberattack are often not reported quickly enough.
Some IT professionals only find out days, weeks or, alarmingly, months after an attack takes place. Confidence in the ability to detect a cyberattack may be high, but when it comes to damage limitation many companies are coming up short, because some of the key indicators of a cyberattack are not reported rapidly.
In order to limit the damage caused by external attackers and malicious insiders, intrusion attempts must be identified rapidly and IT pros must be alerted when unauthorized devices connect to the network. IT professionals therefore need to implement technological controls that identify the common indicators of a cyberattack, and configure those systems to raise alerts promptly. If an intrusion can be identified within minutes, it should be possible to contain the attack before access to critical data is gained or physical damage to critical infrastructure occurs.
The ability to detect a cyberattack has certainly improved in recent years as companies have invested more in cybersecurity technology, but in many cases it is only when a cyberattack actually takes place that companies find out how effective or ineffective those technologies have been.
Cybersecurity firm Tripwire recently commissioned a survey with Dimensional Research to find out how IT professionals rate their cybersecurity defenses and how effective those defenses actually are at detecting potentially malicious activity on their networks.
Organizations Can Detect a Cyberattack but Some Indicators of a Cyberattack are Reported Too Slowly
The company asked 763 IT security professionals about the security controls they had implemented and the efficacy of those controls. Current security regulations require organizations to implement a number of measures so that they can identify a potential cyberattack when it occurs. These include maintaining an accurate software and hardware inventory, implementing patch management policies, logging successful and unsuccessful access attempts, implementing access controls, continuously monitoring hardware and software configurations, and conducting organization-wide risk assessments.
When all of these controls are in place, IT security professionals gain a clear picture of their company's security posture and should be able to identify malicious or suspect activity when it occurs, allowing them to act before any damage is caused.
However, while many organizations comply with industry regulations by implementing these controls, in many cases the controls are not proving effective enough to detect all of the indicators of a cyberattack rapidly.
Key Findings of Tripwire's 2016 Breach Detection Study
- 67% of organizations had only a general idea of how long their automated tools would take to identify configuration changes on networked endpoint devices
- Only 71% of respondents would find out about configuration changes within minutes or hours
- 62% of respondents did not know how long it would take to detect an unauthorized device on their network
- Almost half (48%) of healthcare and energy industry IT security professionals said the success rate of a typical patch cycle was below 80%
- More than four in ten respondents from midmarket organizations said they could not detect all file access attempts by users who had not been granted the necessary file access privileges
- Hardware assets on networks were not always discovered: only 23% of respondents said 90% or more of the hardware assets on their network were discovered
- Only 48% of federal government organizations detected and resolved security vulnerabilities within 15 to 30 days
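The findings on unauthorized devices and hardware asset discovery come down to one question: how long after a device first appears on the network does the inventory control notice it? The following Python script is an added example and is not part of the Tripwire study or this article. It compares a constructed hardware inventory against constructed dnsmasq-style DHCPACK log lines, flags MAC addresses that are not in the inventory, and computes how long a periodic inventory scan (assumed here to run daily at 06:00) would take to catch each one. The inventory, MAC addresses, hostnames, timestamps and scan schedule are all assumptions made for the example.

```python
"""Added example: flag devices absent from the hardware inventory and show how the
polling interval of an inventory scan bounds time-to-detect.
All inventory entries, MAC addresses, hostnames and log lines are constructed."""
from collections import OrderedDict
from datetime import datetime, timedelta
import re

# Constructed hardware inventory: MAC address -> asset name. In practice this
# would come from the CMDB or the network access control system.
INVENTORY = {
    "52:54:00:12:34:01": "ws-finance-01",
    "52:54:00:12:34:02": "ws-finance-02",
    "52:54:00:12:34:03": "printer-floor2",
}

# Constructed dnsmasq-style DHCPACK lines. Syslog timestamps carry no year.
SAMPLE_LOG = """\
Mar 14 08:59:10 gw dnsmasq-dhcp[812]: DHCPACK(eth0) 10.0.1.21 52:54:00:12:34:01 ws-finance-01
Mar 14 09:03:47 gw dnsmasq-dhcp[812]: DHCPACK(eth0) 10.0.1.77 52:54:00:ab:cd:ef android-3f2a
Mar 14 09:03:52 gw dnsmasq-dhcp[812]: DHCPACK(eth0) 10.0.1.22 52:54:00:12:34:02 ws-finance-02
Mar 14 13:41:05 gw dnsmasq-dhcp[812]: DHCPACK(eth0) 10.0.1.77 52:54:00:ab:cd:ef android-3f2a
Mar 14 15:20:33 gw dnsmasq-dhcp[812]: DHCPACK(eth0) 10.0.1.90 52:54:00:de:ad:01
"""

LOG_YEAR = 2016  # assumption: the year the syslog lines omit
# Assumption: the polled inventory scan runs once a day at 06:00.
SCAN_START = datetime(LOG_YEAR, 3, 14, 6, 0, 0)
SCAN_INTERVAL = timedelta(hours=24)

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ dnsmasq-dhcp\[\d+\]: "
    r"DHCPACK\((?P<iface>[^)]+)\) (?P<ip>\S+) (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?: (?P<host>\S+))?$"
)


def parse_dhcp_acks(text, year=LOG_YEAR):
    """Return (timestamp, ip, mac, hostname) tuples for every DHCPACK line;
    lines that do not match the pattern are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=year)
        events.append((ts, m["ip"], m["mac"].lower(), m["host"] or ""))
    return events


def first_seen_unknown(events, inventory):
    """Map each MAC missing from the inventory to the first lease it obtained.
    Repeated leases for the same unknown MAC are collapsed into one entry."""
    unknown = OrderedDict()
    for ts, ip, mac, host in events:
        if mac in inventory or mac in unknown:
            continue
        unknown[mac] = {"first_seen": ts, "ip": ip, "host": host}
    return unknown


def polled_detection_latency(first_seen, scan_start=SCAN_START, interval=SCAN_INTERVAL):
    """How long a periodic scan takes to notice a device that appeared at
    first_seen: the gap until the next scheduled scan at or after that time."""
    if first_seen <= scan_start:
        return scan_start - first_seen
    periods = -(-(first_seen - scan_start) // interval)  # ceiling division
    return scan_start + periods * interval - first_seen


def report(text=SAMPLE_LOG, inventory=INVENTORY):
    """One row per unknown device, with the latency a daily polled scan adds.
    A streaming alert raised on the DHCPACK line itself would have latency
    bounded only by log shipping and rule evaluation."""
    rows = []
    for mac, info in first_seen_unknown(parse_dhcp_acks(text), inventory).items():
        rows.append({
            "mac": mac,
            "ip": info["ip"],
            "host": info["host"] or "(no hostname)",
            "first_seen": info["first_seen"],
            "polled_latency": polled_detection_latency(info["first_seen"]),
        })
    return rows


if __name__ == "__main__":
    for row in report():
        print(f"{row['mac']} {row['ip']:<12} {row['host']:<16} "
              f"first seen {row['first_seen']:%b %d %H:%M:%S}, "
              f"daily scan would notice after {row['polled_latency']}")
```

The script flags two devices: the Android handset first seen at 09:03:47, which a daily 06:00 scan would not report for almost 21 hours, and the unnamed device at 15:20:33, which would wait over 14 hours. The same DHCPACK line, fed to a streaming rule, produces the alert within seconds; that difference is the gap between "minutes" and "days" in the findings above.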
The study results show that organizations have improved their security posture, but if IT security professionals are not alerted rapidly to a potential cyberattack they cannot act quickly enough to prevent damage. To defend effectively against cyberattacks, IT security pros must have all the necessary information quickly.