Cyber pros may be a little too confident in ability to detect attacks, survey says
A Tripwire survey found that IT pros may be overestimating their threat detection abilities.
Cybersecurity professionals may be overestimating their abilities to detect cyber attacks, according to a recent survey in which the majority of respondents were very confident in their ability to detect a data breach.
Dimensional Research surveyed 763 IT professionals from retail, energy, financial services, and public sector organizations in the U.S. for Tripwire's "2016 Breach Detection Study" to determine their confidence in, and the efficacy of, seven key security controls that must be in place to quickly detect a cyberattack.
While confidence levels for detecting a data breach ran high, most respondents were unsure how long it would take automated tools to discover key indicators of a compromise.
Only 40 percent of respondents said they have a general idea of how long it would take those tools to alert administrators to unauthorized configuration changes on endpoint devices; 17 percent said they had no idea, and 33 percent said they knew exactly how long it would take.
Nearly three quarters, or 71 percent, of respondents estimated detecting a configuration change to an endpoint on their organizations' networks would take minutes or hours.
Tripwire's Director of IT Security and Risk Strategy Tim Erlin said in the survey that the results fall into the "we can do that, but I'm not sure how long it takes" category.
While it's good that most organizations are investing in basic security controls, Erlin said, “IT managers and executives, who don't have visibility into the time it takes to identify unauthorized changes and devices, are missing key information that's necessary to defend themselves against cyberattacks.”
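The gap Erlin describes is measurable. As an added illustration (not part of the article and not Tripwire's tooling or methodology), the script below baselines a directory of configuration files by SHA-256, rescans it, and reports for each added, modified or removed file the elapsed time between the file's modification timestamp and the scan that caught it. The directory layout, file names (`ssh/sshd_config`, `sudoers`, `cron.d_backdoor`) and contents are constructed for the demo; the 30-second scan delay is a hypothetical scan interval.

```python
"""Added example: baseline-and-compare detection of unauthorized configuration
changes, reporting how long each change sat undetected.

Constructed for this article; not Tripwire's tooling or methodology.
"""
import hashlib
import os
import tempfile
import time
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Change:
    path: str                    # path relative to the monitored root
    kind: str                    # "added", "modified" or "removed"
    latency_s: Optional[float]   # seconds from file mtime to the scan that caught it


def sha256_file(path: str) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> Dict[str, str]:
    """Map every regular file under root to its SHA-256 digest."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = sha256_file(full)
    return baseline


def compare(root: str, baseline: Dict[str, str],
            now: Optional[float] = None) -> List[Change]:
    """Rescan root, diff it against baseline and compute detection latency.

    Latency is measured from the file's mtime, which an attacker can forge,
    so it is a lower bound on how long a change was live, not proof of when
    it happened. Removed files have no timestamp left to measure from.
    """
    now = time.time() if now is None else now
    current = build_baseline(root)
    changes = []
    for rel, digest in current.items():
        mtime = os.path.getmtime(os.path.join(root, rel))
        if rel not in baseline:
            changes.append(Change(rel, "added", now - mtime))
        elif baseline[rel] != digest:
            changes.append(Change(rel, "modified", now - mtime))
    for rel in baseline:
        if rel not in current:
            changes.append(Change(rel, "removed", None))
    return sorted(changes, key=lambda c: c.path)


def demo(scan_delay_s: float = 30.0) -> List[Change]:
    """Constructed scenario: baseline a fake config tree, tamper, scan later."""
    root = tempfile.mkdtemp(prefix="cfgmon_")
    os.makedirs(os.path.join(root, "ssh"))
    sshd = os.path.join(root, "ssh", "sshd_config")
    sudoers = os.path.join(root, "sudoers")
    backdoor = os.path.join(root, "cron.d_backdoor")
    with open(sshd, "w") as fh:
        fh.write("PermitRootLogin no\n")
    with open(sudoers, "w") as fh:
        fh.write("root ALL=(ALL) ALL\n")
    baseline = build_baseline(root)

    # Simulated unauthorized changes, all stamped at one known instant.
    tamper_time = time.time()
    with open(sshd, "w") as fh:
        fh.write("PermitRootLogin yes\n")
    with open(backdoor, "w") as fh:
        fh.write("* * * * * root /tmp/.x\n")
    os.remove(sudoers)
    for path in (sshd, backdoor):
        os.utime(path, (tamper_time, tamper_time))

    # The scan runs scan_delay_s later; that gap is the number the survey asks about.
    return compare(root, baseline, now=tamper_time + scan_delay_s)


if __name__ == "__main__":
    for change in demo():
        print(f"{change.kind:8} {change.path:20} latency_s={change.latency_s}")
```

The latency column is the figure most respondents could not state: with a scheduled scan it is bounded above by the scan interval plus alert delivery time, so measuring it against real scan intervals turns "we can do that" into a number. Hashing rather than trusting timestamps is deliberate, since an attacker who can edit `sshd_config` can also reset its mtime.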
Erlin told SCMagazine.com via email that the study's most surprising finding was the large percentage of respondents who indicated they fix all vulnerabilities they find within 15 to 30 days.
“Evidence from breach activity suggests that known, published vulnerabilities remain a significant vector in successful attacks, which would indicate that either these respondents aren't representative of the whole, or that they are overestimating their patch effectiveness,” Erlin said.
It is important for cybersecurity professionals to explore different methods of protecting their data, Erlin said, but they should be careful to focus only on what works.
“There are a lot of interesting topics to dive into in cybersecurity, but not all of these topics result in reduced risk for most organizations,” he explained. “Spending hours analyzing the latest malware may be interesting, but it might not be as productive in terms of risk mitigation as identifying gaps in your vulnerability scanning or database misconfigurations.”