
Friday, 14 July 2017 14:35

BCI: A third of security professionals under-prepared to defend cyber threats

The Business Continuity Institute

One in three (32%) security professionals lack effective intelligence to detect and action cyber threats, according to a new study from Anomali, which also revealed that almost a quarter (24%) believe they are at least one year behind the average threat actor. Half of this sample admitted they are trailing by two to five years. This confirms that many organizations are not adequately mitigating cyber risks.

The survey also signals that organizations struggle to detect malicious activity at the earliest stage of a breach, or to learn from past exposures, which leaves numerous vulnerabilities undiscovered. Almost one in five respondents (17%) have not invested in any threat detection tools such as security information and event management (SIEM), paid or open threat feeds, or User and Entity Behaviour Analytics (UEBA).

The findings of this study also demonstrate the need for organizations to possess an effective business continuity programme. If security professionals are not able to detect or prevent cyber threats, then organizations must have plans in place to deal with the threats that do get through, so that they do not disrupt operations.

Successful cyber attacks are not 'smash and grab' events. Rather, cyber criminals typically lurk undetected inside enterprises' IT systems for 200 days or more before discovery. During this time attackers gain access inside the network, escalate privileges, search for high-value information, and ultimately exfiltrate data or perform other malicious activities. This '200 day problem' is an ever-present danger, but survey respondents rarely examine historical records to discover whether a threat actor has entered their systems. Just 20% consult past logs daily, 20% weekly, 14% monthly, and 22% said never or do not know how often. This results in multiple missed opportunities to prevent a breach.

“The ‘200 day problem’ arises from the fact that logs are produced in such massive quantities that typically only 30 days are retained and running searches over long time ranges can take hours or even days to complete,” says Jamie Stone, Vice President, EMEA at Anomali. “Detecting a compromise at the earliest stage possible can identify suspicious or malicious traffic before it penetrates the network or causes harm. It’s imperative to invest in technologies security teams can use to centralise and automate threat detection, not just daily but against historical data as well.”
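To make the '200 day problem' concrete, here is an added example (not from the BCI or Anomali) that runs a newly received indicator set against constructed, placeholder proxy log lines and shows what a 30-day retention window finds compared with a full year of history; the log format, hostnames and the use of the article's date as "today" are all assumptions of the example.

```python
from datetime import datetime, timedelta

# Constructed sample of archived proxy log lines spanning about six months.
# Destinations ending in ".invalid" are placeholder indicators, not real IoCs.
ARCHIVED_LOGS = [
    "2017-01-02T03:14:00Z host-a -> cdn.example.net",
    "2017-01-15T22:41:00Z host-b -> beacon-placeholder.invalid",
    "2017-03-08T11:05:00Z host-b -> beacon-placeholder.invalid",
    "2017-05-20T09:30:00Z host-c -> updates.example.net",
    "2017-06-30T17:12:00Z host-b -> staging-placeholder.invalid",
    "2017-07-10T08:00:00Z host-d -> cdn.example.net",
]

# Indicators a threat feed delivered "today"; the article's date stands in for today.
NEW_INDICATORS = {"beacon-placeholder.invalid", "staging-placeholder.invalid"}
NOW = datetime(2017, 7, 14)


def parse_line(line):
    """Split 'TIMESTAMP SRC -> DST' into (datetime, src, dst)."""
    ts, rest = line.split(" ", 1)
    src, dst = rest.split(" -> ")
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, dst


def retrospective_search(lines, indicators, now, retention_days):
    """Match new indicators against the log history still retained.

    Returns (hits, aged_out): hits are (date, src, dst) in log order; aged_out
    counts lines older than the retention window, which can no longer be searched.
    """
    cutoff = now - timedelta(days=retention_days)
    hits, aged_out = [], 0
    for line in lines:
        ts, src, dst = parse_line(line)
        if ts < cutoff:
            aged_out += 1
            continue
        if dst in indicators:
            hits.append((ts.date().isoformat(), src, dst))
    return hits, aged_out


def days_undetected(hits, now):
    """Lower bound on dwell time: days from the earliest retained hit to now."""
    if not hits:
        return None
    earliest = min(datetime.fromisoformat(d) for d, _, _ in hits)
    return (now - earliest).days
```

With 30 days of retention the search sees only the late-stage hit and estimates 14 days of dwell; with a year of history it finds the first beacon and estimates 180 days, which is why the quote above stresses running detection against historical data, not just daily.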