IT pros too confident about detecting ongoing cyber-attacks

Endpoint detection and response company Tripwire and Dimensional Research conducted a study, asking 763 IT professionals from various industries about their security practices and whether they felt confident they could detect an ongoing cyber-attack.

The two companies announced that the majority of IT experts were overconfident in their ability to detect an ongoing threat and remove an unauthorized device from their network.

Eighty-seven percent of IT pros questioned said they could remove an unauthorized machine from their network within minutes or hours.

Director of IT security and risk strategy at Tripwire, Tim Erlin, said there is a difference between security and compliance, and that companies should not be satisfied with simply complying with the latest regulations.

"Compliance and security are not the same thing", he said. "While many of these best practices are mandated by compliance standards, they are often implemented in a 'check-the-box' fashion. Addressing compliance alone may keep the auditor at bay, but it can also leave gaps that can allow criminals to gain a foothold in an organization".

The study is based on seven key security controls required by a wide variety of compliance regulations, including PCI DSS, SOX, NERC CIP, MAS TRM, NIST 800-53, CIS 20 Critical Controls and IRS 1075.

"The path to a mature security deployment is through visibility because you cannot protect what you cannot see", said Travis Smith, senior security research engineer for Tripwire. "Understanding what you have and how you can potentially be compromised allows security teams to focus on where attackers are likely to strike. The cost of being proactive is always less than the cost of being reactive".

Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.
