Preventative security technologies like firewalls and application blacklisting aren’t always enough to safeguard an organization’s IT infrastructure. Businesses often face internal threats, so a cybersecurity strategy must include tools and processes for rapid detection and response. However, such strategies often lack them.
Ponemon Institute recently surveyed 627 IT and IT security practitioners in the United States to understand how organizations are addressing cyber risks associated with insider threats – such as negligent or malicious employees.
The overall findings paint a worrisome picture: organizations lack a deep understanding of the risks of this type of threat. Respondents also revealed they are underprepared for resident attackers, and that they have little ability to discover and remove internal threats.
A key finding is that the ability to detect “stealth” attackers is lower than it should be. Only 42 percent of respondents say their IT security team is doing a good job at detecting whether a staffer is acting maliciously. When it comes to identifying abnormal activity and resource usage, the team’s effectiveness is lower, according to 38 percent of respondents.
Detection is also slower than it should be. While more than half of respondents believe they have reduced dwell time in the past year, 44% either have not or don’t know.
“Being able to detect is one thing, but because damage can increase with every system the attacker touches, detection needs to happen as early as possible,” according to the report.
One problem that seems to be causing ineffective detection at the perimeter level is compliance activity. The report lists barriers that block effective detection of cyber attackers operating within the network. At the top of the list is “compliance activity,” which, according to 60% of respondents, “detracts attention from threat detection functions.” Other barriers include the inability to determine which alerts to escalate (55%), difficulty in distinguishing between false positives and “real” alerts (53%), shortage of time or skills to optimize and maintain detection technologies (47%), lack of resources / technologies (45%), and more.
Interestingly, as many as 15% of those polled said no effective detection technologies are available in the marketplace, which indicates that decision makers are unaware of the market offerings. This dovetails with another key finding:
“Business leaders lack understanding of the threats. Leaders cannot communicate effectively with IT security leaders or set cyber risk management priorities without a foundational understanding of the threat actors an organization needs to contend with, yet 68 percent of respondents say their executives and senior management do not have a good understanding of how threat actors work and the harm they can cause. Among technical functions, where granular threat understanding is necessary for strong detection and response, organizations fare better, but could be stronger.”
As evidenced in countless studies in recent years, the communication gap between IT chiefs and the rest of the C-suite is hampering the development of an effective cyber security strategy at many organizations.