A survey of 500 IT decision-makers in UK enterprises (250+ employees) has revealed that 54% lack the knowledge and capacity required to thwart sophisticated cyber attacks.
The survey, which was conducted by Symantec and Deloitte, also found that:
- 66% of respondents don’t think it’s necessary to regularly train employees on cyber security policies and practices
- 60% of respondents lack full confidence in their enterprise’s cyber security policies
- 55% of respondents depend on legislation, regulations, and other external factors to drive their infosec policy
- 49% of respondents fail to fully protect confidential data, including corporate intellectual property, and private information related to customers, employees, and finances
Also, more than a third of respondents said they’ve been hit with false positives, which have led to IT system disconnects (84%) and data loss (74%). Consequently, 80% experienced a plunge in productivity and 72% experienced a drop in revenue while they waited for their IR/SOC teams to put the system back online and sound the “all clear.”
Despite the grim overall findings, one bright spot in the survey was that 80% of IT decision-makers believe that third-party technology solutions are cost-effective ways to close the knowledge gap and minimize cyber attacks.
“The threat from sophisticated cyber threats continues to increase, along with the repercussions of a breach,” commented Andy Ng, Director and Information Protection Lead of Cyber Risk Services at Deloitte. “It is essential that organizations become proactive and resilient in protecting their business.”
It’s also necessary for organization to recognize that it’s impossible to completely prevent cyber attacks; especially since sophisticated campaigns often deploy in multiple-stages over long periods of time.
As such, the only viable, practical and effective cyber security approach is one that focuses on detection — since advanced malware must eventually “call home” to send stolen data or receive instructions from its command and control (C&C) server. By detecting this transmission, enterprises can rapidly identify compromised devices and endpoints, and automatically direct their IR/SOC teams to take efficient action to stop cyber attacks as early as possible in the kill chain — and with no risk of false positives.
Because while there’s no way to stop 100% of cyber attacks, there’s definitely a way — and frankly, a fundamental obligation — for IT decision makers to get the knowledge and capacity the need to thwart them.