Survey: 77 percent of IT staffers have incorrectly reported the cause of a security incident

Nearly 50 percent of respondents still use manual processes to discover network and application performance issues.

When relaying information to executive teams, 77 percent of IT staffers admitted that they incorrectly reported the root cause of a network or security incident, according to a visibility survey released Tuesday by network connectivity, monitoring and management solutions provider Emulex Corporation.

Part of the reason could be attributed to 45 percent of IT staffs still using manual processes to discover network and application performance issues, Matt Walmsley, senior marketing manager with the Endace division of Emulex, told SCMagazine.com in a Tuesday email correspondence.

“It is surprising that the wrong information is being reported to executives so pervasively, but it is not surprising given that so many IT staffs are ‘flying blind’ and monitoring their networks manually,” Walmsley said.

To top it off, of 547 self-identified NetOps and SecOps professionals in the United States and Europe who responded to the 2014 Emulex Visibility Survey conducted this spring, 79 percent said they experienced network events attributed to the wrong IT group.

“They're under pressure to provide initial explanations and then final resolutions, but frequently lack all the ‘evidence’ of what exactly happened, so they have to rely on heuristics and supposition as part of their analysis, while trial and error testing is used in attempting to resolve issues,” Walmsley said.

Equipping IT staffs with some combination of network performance monitoring, application performance monitoring, and security information and event management (SIEM) tools, which automatically alert to anomalous behavior and track root causes, should help address these issues, Walmsley said.

Continued non-use of the aforementioned tools may result in a surplus of unresolved events, which 73 percent of survey respondents said they are currently experiencing, Walmsley said, adding that organizations are open to further attacks if the hole where the attack first occurred is not plugged.

“An unresolved network event is one in which the root cause has not been established and therefore the risk of reoccurrence has not been mediated,” Walmsley said. “These events are still unresolved because these IT pros do not have access to the right post-event forensics tools.”

When it comes to costs, 52 percent of U.S. respondents said their organizations lose more than a half million dollars in revenue per hour during network outages and performance degradation, according to the survey.

Organizations are also losing more than $1 million per year investigating events lasting longer than 12 hours, according to 26 percent of respondents. 70 percent of NetOps respondents said that they spent at least one full business day investigating a critical network event.

The Emulex survey also highlights a rise in security events, with 83 percent of respondents indicating an increase over the past year, and 81 percent of SecOps respondents revealing that their organizations had experienced a breach.

“There is a very obvious lack of visibility into network and security events that is leading to a host of problems when it comes to determining the actual root cause,” Walmsley said. “Network downtime is hugely expensive, but so are the costs associated with misinterpreting data and not having a clear picture of what is causing problems on the network.”
