IT professionals are unrealistic about the time it takes to identify security threats: survey

Published: Thursday, 29 October 2015 15:08

A new survey from Lieberman Software Corporation has found that 83 percent of IT professionals do not believe advanced persistent threats are over-hyped, however they are ‘still very na├»ve’ about the length of time it would take to identify an advanced persistent threat on their own corporate network.

The study was carried out at Black Hat Conference 2015 and looked at the attitudes of nearly 150 IT security professionals.  It revealed that 10 percent of IT professionals believe it would take them only one hour to identify an APT on their network, while 55 percent said it would take them one week to one month. However this is in contrast with data from a recent Mandiant report which revealed that hackers are present on the network for an average of 205 days before being discovered.

Other findings from Lieberman Software’s study revealed that 84 percent of respondents believe that unmanaged privileged credentials are the biggest cyber security vulnerability within their organization.

Commenting on the study findings, Philip Lieberman, CEO of Lieberman Software Corporation, said: “Today’s sophisticated cyber attacks are designed to stay under the radar. Organizations must have security inside the firewall for when these difficult to detect attacks slip by perimeter defences / defenses. That’s why it’s encouraging to see that IT professionals understand the dangers of unmanaged privileged credentials. Despite the prevalence of cyber attacks, and the difficult task of stopping them, malware and APTs do have a weakness. To be able to do their worst, they need privileged credentials to gain elevated access to a system. Ultimately, if they can’t install something, they can’t attack.”

The study also revealed that many IT professionals are still very dubious about the cloud, with 97 percent of respondents stating that they are worried about some of their organization’s cloud hosted data being either lost, corrupted or accessed by unauthorized individuals.

“Generally speaking, the security provided by cloud services is often superior to that which is implemented by most small and medium sized businesses. However, what concerns most organizations is the security of their critical data. Cloud service providers need to demonstrate how seriously they take cyber security and the lengths they are going to in order to protect sensitive information against access by unauthorized individuals. Organizations should always keep a close eye on all their cloud hosted data and keep a log of who is accessing the data and when. This will help ensure it is not accessed by anyone it shouldn’t be,” continued Lieberman.

For more information on the survey, click here