Dangers are increasing, according to the Vectra AI Security Leaders Research Report. The international study, which surveyed 1,800 IT security decision makers in organizations with over 1,000 employees, found that 74 percent of respondents experienced a significant security event at their organization between February 2021 and February 2022 that required a response.
This alarming statistic shows that cyber threats are on the rise and security and IT teams face growing expectations to protect their organizations from such threats. 92 percent of those surveyed said they felt increased pressure to protect their business from cyberattacks over the past year.
The study shows that the security industry still cannot keep pace with evolving cybercrime tactics, techniques and procedures (TTPs). Traditional “prevention-centric” security strategies and solutions that fail to understand the complexities of modern attacker behavior remain pervasive, leaving organizations open and vulnerable to a potential security breach.
Key findings from the research include:
- 83 percent believe that traditional approaches do not protect against modern threats and that companies need to change the game when dealing with attackers
- 79 percent of security decision makers have purchased tools that have failed at least once, citing poor integration, an inability to detect modern attacks, and a lack of visibility
- Nearly 3 in 4 (72%) think they may have been attacked and were unaware – 43% say it is ‘probable’
- 83 percent say board security decisions are influenced by existing relationships with legacy security and IT vendors
- 87 percent of respondents say recent devastating attacks have caused boards to start paying proper attention to cybersecurity
“While organizations should definitely try to make life as difficult as possible for an attacker, prevention should not come at the expense of threat detection,” said Tim Wade, vice chief technology officer at Vectra. “When an attacker successfully gains access to an enterprise device or network, they still need to complete several stages in the attack chain before they can achieve their goal. In a high-risk game where the attackers have a lot of good cards, detection and response is the best option to minimize the impact of an unauthorized intrusion into the systems as quickly as possible.”
In addition to more than eight in ten (83 percent) of respondents acknowledging that outdated approaches fail to protect against modern threats, 71 percent believe cybercriminals are successfully bypassing current tools and that security innovation is years behind. Another 71 percent believe security policies, policies and tools are not keeping up with attackers’ TTPs. The ongoing cybersecurity skills shortage was also cited as a barrier to moving away from outdated security strategies, with 50 percent saying they could use more security professionals on their team.
“Digital transformation and IT modernization initiatives are driving change at an accelerating pace. But not only companies are innovators, cybercriminals are too,” adds Wade. Organizations need security professionals who speak the language of business risk and boards who are willing to listen. But most importantly, companies need a technology strategy grounded in the understanding that it’s not about if, it’s when they get hurt.”