Cyberattack prioritization, prevention efforts lacking

Inadequate security resources have prompted organizations to make tradeoffs in deciding on attack and vulnerability prioritization, prevention and detection optimization, and logging and alerting activities, SiliconAngle reports. Organizations had security controls that could thwart only 59% of simulated attacks, and fewer than 50% of more advanced cyberattacks from January to June, according to a Picus Labs report. Moreover, over 80% of organizations continue to be vulnerable to 2019 security flaws, while only 37% and 16% of attacks are being logged and alerted. The findings also showed an inverse correlation between threat detection and prevention, with healthcare being the worst in averting intrusions but two times more successful in identifying attacks, compared with the average organization. On the other hand, North America-based organizations, which had the highest threat prevention effectiveness scores, had a nearly twofold increased likelihood of successfully averting intrusions, compared with issuing alerts for detected attacks. "Many organizations do not realize the degree to which their existing controls are insufficient for detecting attacks, especially sophisticated ones," said researchers.