IT Professionals Lack Confidence in their Ability to Detect and Contain Cyberbreaches

LogRhythm, known as “The Security Intelligence Company,” has just released its annual benchmark survey, Cybersecurity: Perceptions & Practices, which measures the cybersecurity perceptions and practices of organizations in the United States, United Kingdom, and Asia-Pacific regions. For the impressive 28-page report, Widmeyer surveyed 751 IT decision makers. The survey found that fewer than half of all organizations were able to detect a major cybersecurity incident within one hour. It also revealed that a majority of organizations are only moderately confident in their ability to protect their companies against hackers.

James Carder, CISO of LogRhythm

Speaking with James Carder, LogRhythm’s CISO, I learned an even more concerning statistic: Fewer than one-third said they would be able to contain a major incident within an hour. “Even trained professionals have trouble coping with a serious security incident,” said Carder. “There’s a lot of work to do, very quickly, and in many cases, the tooling—or lack of it—slows down the security operations team. We found that a team can waste as many as 10 hours on inefficient, manual incident detection and response processes if they lack integrated tools.” LogRhythm offers a “next-generation” SIEM solution, with built-in security automation and orchestration features, to help speed up and improve threat detection and incident response workflows.

The Current State of Security Maturity

According to Carder, many companies are focused on growing their security maturity. Team size is an important indicator. On average, companies employ 12 cybersecurity professionals in their organization. However, more than half of the respondents said that they employ 10 or fewer professionals on their teams.

Special threat detection programs are another indicator of security maturity. The study found that most decision makers—more than 70 percent of respondents—have programs in place to detect specific threats, such as ransomware, insider or employee threats, and denial of service attacks. The vast majority of IT decision makers—95 percent—also use security software to prevent and react to threats. And more than a quarter deploy at least 10 security software solutions to manage security threats.

Level of Security Confidence

When it comes to confidence levels, about half of security decision makers believe that a determined hacker can still breach their organization. In fact, over one-third reported that their company has experienced a breach in the past year—ranging from 29 percent in the United States to 39 percent in the Asia-Pacific region.

When specifically asked about level of confidence, these decision makers revealed that they have only moderately positive confidence in their cybersecurity measures and abilities—suggesting an attitude that is more hopeful than truly confident.

Similarly, most IT executives—over 60 percent—are only somewhat confident that their security software can detect all major breaches. Likewise, they are only moderately confident that they can protect their companies from hackers.

The level of confidence in one’s security is also swayed by other variables, such as the implementation of programs that target specific types of threats. For instance, decision makers who did not report having programs to protect against threats such as ransomware, insider threats, and denial of service attacks are less confident in their security programs. Unsurprisingly, that same segment reported slower rates of detection, response, and containment.

Ability to Respond to Cyberthreats

There are many factors that enable a security team to quickly detect and respond to an incident, including technology, process, programs, and people. When it comes to technology, a strong majority (nearly 80 percent) of IT executives said that a platform for security management, analysis, and response is beneficial—though only about a third rate such a platform as very beneficial. This response may reinforce the notion that true security confidence cannot be created with technology alone.

When asked to consider how their organization is operating from a Threat Lifecycle Management (TLM) perspective—an approach that includes discovery, qualification, neutralization, and recovery from cyberattacks—IT executives were not overly optimistic. About a third of all respondents reported that they need help at virtually all stages in the TLM workflow, especially detecting, investigating, neutralizing, and recovering from cyberthreats.

Cybersecurity Funding

Security organizations need adequate funding to effectively fight cybercrime. However, the study found that the percentage of resources allocated to cybersecurity from the overall IT budget is often on the low side. Overall, one-third of executives allocate 10 percent or less of their IT budget to security. Regionally, the U.S. had the lowest rate, and Asia-Pacific the highest.

When asked about their comfort level with security funding, 57 percent of IT executives indicated they are moderately comfortable with their companies’ level of security funding; however, nearly a quarter said they are not comfortable. From a regional perspective, executives in the United States were less likely to think the level of their security funding is appropriate.

The full survey results can be viewed here.