Are IT Professionals Underestimating the Probability of a Cyberattack?

Probability of Suffering a Cyberattack Is Underestimated by IT Security Professionals

New data released by the Ponemon Institute suggests that IT security professionals may be underestimating the probability of a cyberattack occurring. More than half of IT professionals surveyed believed the probability of a cyberattack occurring was low and that they were relatively safe and would not be targeted by hackers.

The latest Ponemon Institute study – Advanced Threat Detection with Machine Generated Intelligence – surveyed 614 IT security professionals based in the United States. Respondents were asked numerous questions about their organizations’ efforts to detect and prevent cyberattacks, and about their attitudes toward their employers’ efforts to combat threats.

Surprisingly, even though the threat of being attacked was deemed to be relatively low by half of IT security staff polled, 61% of respondents also said they are not confident that they are able to detect advanced threats. As pointed out by Ponemon, the survey shows there are many “disconnects between perception and reality.”

Many cyberattacks are indiscriminate in nature. Individual organizations may not be targeted, but if security defenses are poor, the probability of an attack occurring increases. It is therefore surprising that the probability of a cyberattack occurring is being underestimated. It is also worrying that systems are not being used – or used effectively – to detect advanced threats, and too little money is being diverted to deal with the issue.

The survey also revealed the threats that are causing IT security professionals the most concern, the speed at which intelligence is communicated, and the value of machine generated intelligence.

Identification of Abnormal Network Behavior is Proving Problematic

One of the methods used to detect possible network intrusions is the installation of a system to identify abnormal behavior: activity that deviates from the norm and could therefore indicate that a system has been compromised. According to the survey, 59% of security professionals believed that being able to identify abnormal behavior was important and would allow suspicious artifacts to be identified.

One of the problems highlighted by the survey was the inability of many organizations to determine the difference between normal behavior and abnormal behavior. Only 38% of respondents said they were able to do this and had a baseline which could be used to assess “normal behavior.”

The level of investment in threat detection systems also appears to be low. 64% of respondents believed that security analytics were essential, very important or important. Only 36% of organizations said they actually used security analytics as part of their arsenal to deal with cyberattacks.

Machine generated intelligence was deemed to be a vital part of cybersecurity defenses by 65% of respondents. Unfortunately, current intelligence was found to be lacking. 63% of survey respondents did not rate the intelligence they received, claiming it was inaccurate or incomplete. In fact, had intelligence been accurate, it would have been possible to prevent many of the data breaches that had been suffered. 60% believed that threat intelligence could have stopped at least 5 data breaches over the course of the past two years. 52% claimed that their organization failed to stop a security breach as a result of outdated or incomplete threat intelligence.

It is clear from the results of the survey that IT security professionals believe they need more information in order to accurately assess the current threat level and to effectively deal with the most serious threats. Furthermore, greater investment would enable security professionals to prevent security breaches from occurring. At present, only 24% of security professionals believe their organization’s ability to detect advanced threats is high. 12% rated advanced threat detection ability with a score of 1 or 2 out of 10.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news