Enterprise security leaders think traditional methods aren't meeting modern threats
A new study of 200 IT security decision makers working at organisations with more than 1,000 employees in the UK reveals that 89 percent think traditional approaches don't protect against modern threats.
The report from threat detection and response company Vectra also finds that 76 percent say they have bought tools that failed to live up to their promise, the top three reasons being poor integration, failure to detect modern attacks, and lack of visibility.
Among other findings 69 percent think they may have been breached and don't know about it and a third (31 percent) think this is 'likely'. 69 percent also believe cybercriminals are leapfrogging current tools and that security innovation is years behind that of the hackers.
On more positive notes 90 percent of respondents say recent high-profile attacks have meant the board is starting to take proper notice of cybersecurity. Although 68 percent say it's hard to communicate the value of security to the board. Also over half (54 percent) now invest as much, if not more, on detection as protection, suggesting a positive shift away from the prevention-first mentality.
"Digital transformation is driving change at an ever-increasing pace," Garry Veale, regional director, UK and Ireland at Vectra, says. "Yet companies are not the only ones innovating. Cybercriminals are too. As the threat landscape evolves, traditional defences are increasingly ineffectual. Organisations need modern tools that shine a light into blind spots to deliver visibility from cloud to on premise. They need security leaders who can speak the language of business risk. Boards that are prepared to listen. And a technology strategy based around an understanding that it’s ‘not if but when’ they are breached."
There's also concern about new legislation. 58 percent of respondents think legislators aren't well-equipped enough to make decisions around cybersecurity matters and call for more industry input and collaboration. In addition, 43 percent of respondents argued that regulators don't have a strong enough understanding of life 'at the coal face' to be writing laws for cybersecurity professionals.
"With the security landscape rapidly evolving and becoming increasingly complex, more often than not the attackers hold the advantage. This means security leaders must adopt a fresh approach to security that revolves around detection and response, while moving away from prevention-first strategies," concludes Veale. "This new approach to security can create the right conditions for effective cyber-risk management but in order for the wider security industry to embrace this pro-active culture, there needs to be greater communication and consultation amongst both the board and regulators to ensure all parties are reading from the same script."
The full report is available from the Vectra site.