Organizations need a holistic approach to cyber threats
A new survey of 300 organizations across the US and Europe looks at the key challenges concerning the ability to effectively prioritize and contextualize the large amounts of data organizations get from several cyber security alert systems, as well as identifying the actions needed to meet them.
The survey, conducted for Darktrace by IDC, finds evolving attack vectors make it difficult to prepare proactively, with only 31 percent of respondents highly confident that their tools can continuously adjust to new configurations.
Respondents also report a lack of dynamic testing capabilities with 65 percent agreed that pen testing provides only a snapshot in time which is of limited value, as it quickly becomes out of date. While 76 percent think visualizing attack paths is of moderate or high importance, only 29 percent are highly confident they have a robust mechanism to test their environments against the most current threat vectors.
The number of organizations that can continuously run preventative exercises such as pen tests and attack surface evaluation is between only 24 percent and 31 percent across all sectors.
"It's clear from this study that organizations need to adopt a holistic approach to improve their readiness," says Christopher Kissel, research vice president of IDC's Security and Trust Products. "The solution is to create a virtuous cycle, leveraging AI to create an ecosystem across an entire organization able to continuously stress-test environments, give an instantaneous response, and determine if remediation is working."
The report calls for, "a multi-pronged approach that includes establishing a security posture and proactively managing the access and assets, monitoring what is happening in the environment, and ensuring a fit-for-purpose remediation approach including backup and disaster recovery."
The study also highlights AI as a solution for improved detection and response capabilities and continuous monitoring, as well as playing an integral part in the 'virtuous cycle', citing AI's ability to look for subtle changes in the behaviors of entities within a network.
The full report is available here.