Majority of European Organisations are not Prepared for the Next Cyberattack
June 2016 by IDC and Splunk
Splunk Inc. announced the results of a new IDC white paper in Europe titled ‘Detecting and Responding to the Accidental Breach: The Impact of the Hapless User’. Commissioned by Splunk, the white paper reveals that while threats from within an organisation (caused by both malicious insiders and hapless users) remain one of the primary causes of security breaches, they are poorly understood by European organisations. As a result, eight in 10 organisations rely too heavily on traditional approaches to security that focus mainly on system protection and cannot detect and respond to the user activities that can result in a compromise. Nearly a third of respondents do not use basic methods of breach detection and fewer than one in five have any form of security analytics in place. Learn more about breach defence and the hapless user by reading the full report.
“Security breaches are inevitable, but that is tough for security professionals to accept given the considerable budgets that are spent on prevention,” said Duncan Brown, Research Director, European Security Practice, IDC. “The majority of organisations have experienced a data breach over the past two years, but the average time to discover a breach remains around eight months. It is clear that organisations need to detect breaches as they happen, and not wait for the damage to be done. Importantly, taking an analytics-driven approach to detect threats early and respond effectively will help companies to deal with threats of all kinds — external attackers, hapless users, and malicious insiders.”
Other findings from the white paper include:
• There is more threat from hapless users than there is from malicious insiders. Only 12 per cent of respondents reported insider threats as being of high concern. Most organisations are much more concerned about threat types such as viruses (67 per cent), APTs (42 per cent), phishing (28 per cent) and poor user security practices (27 per cent). However, the majority of these attacks can be caused by another type of insider threat: hapless users who unintentionally allow their valid credentials or trusted access to be hijacked. Poor understanding of the hapless user means that organisations are looking in the wrong places to detect attacks and avoid breaches.
• Organisations struggle to detect insider-based breaches. Respondents list the top three obstacles to investigating threats from within the organisation as not knowing what to look for (40 per cent), lack of education and training (39 per cent) and not understanding what normal looks like across different departments (36 per cent).
• Most organisations do not have the technologies, approaches or mindset to detect breaches once they occur. The majority of organisations across Europe are still using technology that is primarily designed to protect a traditional network-based perimeter. Nearly all respondents recognise the need to use firewalls (98 per cent) and anti-virus (96 per cent), but very few see the need to back them up with security analytics (15 per cent) or user behaviour analytics and anomaly detection (12 per cent) in order to detect breaches after they have happened. In addition, fewer than half of respondents have either a dedicated internal CERT (incident response team – 41 per cent) or a security operations centre (SOC – 34 per cent) in place.
“In the age of the ‘inevitable breach’, businesses across Europe need to adopt a ‘detect and respond’ mentality,” said Haiyan Song, senior vice president of security markets, Splunk. “Threat patterns vary, so security teams need to take an analytics-driven approach with their Security Information and Event Management initiatives, leveraging machine learning and anomaly detection to identify suspicious behaviour and malicious activity early. Using these solutions will help organizations further automate detection, conduct timely investigation and take the necessary steps to handle a breach, limiting the reputational and financial damage it can cause.”
To learn more about Splunk’s security and fraud solutions, visit the Splunk website. You can also visit the website to learn more about the Adaptive Response Initiative, a new initiative to better combat advanced attacks with a unified defense.
IDC surveyed 400 large companies (of over 1000 employees) in the UK, France, Germany and the Netherlands.