Gap Between Cybersecurity Breach Detection and Prevention Widens

Version imprimable, PDF et e-mail

When it comes to ransomware and so-called Vault 7 cyberattacks based on malware misappropriated from the Central Intelligence Agency (CIA) in the U.S. there appears to be a massive gap between being able to detect these types of attacks and being able to do something about them.

A recent survey of 202 senior-level IT and IT security professionals in the U.S and the United Kingdom (UK) conducted by the Ponemon Institute finds that 67 percent of respondents believe they would be able to detect a Petya ransomware attack, while 72 percent stated they would be able to detect a WannaCry attack. The number of respondents that could detect a Vault 7 attack ranged from 38 percent for Weeping Angel to 55 percent for Year Zero attacks.

But when it comes to preventing these attacks the numbers drop off the proverbial cliff. Only 29 percent of respondents claimed they would be able to prevent a Petya attack, while 28 percent said they would be able to prevent a WannaCry attack. Only 12 percent said they could prevent a Weeping Angel attack, while any ability to prevent any other type of Vault 7 attack fell below 10 percent.

Overall, A majority (54%) of security executives admitted that their business had experienced an attack in the last year and almost half (47%) had been unable to prevent the attack. In fact, 44 percent of respondents who were aware of the WannaCry patch didn’t implement it, while 55 percent didn’t patch for Petya.

The report makes it clear internal IT organizations need a lot more external cybersecurity help. The trouble is that many managed service providers (MSPs) only provide rudimentary security services. Advanced security services typically require the service of a dedicate managed security service provider (MSSP). Alas, the services of an MSSP are often beyond the price point many organizations can afford regardless of the potential risks involved.

A full 33 percent of the organizations surveyed said they had no dedicated cybersecurity professionals on staff. Another 25 percent are relying on internal resources compared to 17 percent relying on MSSPs. Another 23 percent said they were relying on a mix of internal and external resources.

Not surprisingly, the survey finds little consensus when it comes to cybersecurity effectively and budgets. Almost half (45%) said security technologies deployed are sufficient in preventing, detecting, and containing significant cybersecurity threats. Another 40 percent say their security technologies are not sufficient, while 14 percent are unsure.
Forty-seven percent of respondents believe their organizations’ IT security budget is sufficient in preventing, detecting, and containing significant cybersecurity threats. Another 48 percent say their budget is not sufficient, while four percent are unsure.

The survey finds the biggest impact of cybersecurity breaches to involve theft of data assets (52%), disruption to business processes (47%), disruption to IT operations or downtime (41%), damage to IT infrastructure (21%), and loss of revenue (14%). Most cybersecurity breaches impact organizations in multiple ways so it’s not surprising the that U.S. companies (125) represented in this study incurred an average cost of $2.07 million, compared to 77 U.K. companies that pegged the cost at $1.55 million.

Given the potential costs involved it is likely many survey participants are overly optimistic when it comes to evaluating the effectiveness of the existing security investments. Of course, there’s never a direct correlation between the amount of money being spent and overall effectiveness. But chances are high that most allocations of existing cybersecurity budget dollars could be much better spent than they are today.

Remonter en haut de page