IT disaster recovery, cloud computing and information security news

IT professionals ‘overconfident in cyber attack detection’: study

Tripwire, Inc., has published the results of an extensive study conducted by Dimensional Research on its behalf. The study evaluated the confidence of IT professionals regarding the efficacy of seven key security controls that must be in place to quickly detect a cyber attack in progress. Study respondents included 763 IT professionals from retail, energy, financial services and public sector organizations in the US.

The majority of the respondents displayed high levels of confidence in their ability to detect a data breach even though they were unsure how long it would take automated tools to discover key indicators of compromise. For example, when asked how long it would take automated tools to detect unauthorized configuration changes to an endpoint on their organizations’ networks, 67 percent only had a general idea, were unsure or did not use automated tools. However, when asked how long it would take to detect a configuration change to an endpoint on their organizations’ networks, 71 percent believed it would happen within minutes or hours. Configuration changes are a hallmark of malicious covert activity.

Additional study findings include:

  • 48 percent of energy and health care respondents said they had the lowest percentage of successful patches in a typical patch cycle, with a success rate of less than 80 percent.
  • Nearly two-thirds (62 percent) of respondents were unsure how long it would take for automated tools to generate an alert if they detected an unauthorized device on the network, while 87 percent believed it would happen within hours.
  • Nearly half (48 percent) of respondents working for federal government organizations said not all detected vulnerabilities are remediated within 15 to 30 days.
  • 42 percent of midmarket organizations do not detect all attempts to access files on local systems or network-accessible file shares by users who do not have the appropriate privileges.
  • 61 percent of respondents working in the financial services sector said their automated tools do not pick up all the information necessary to identify the locations, departments and other critical details about unauthorized configuration changes to endpoint devices.
  • Only 23 percent of respondents said that 90 percent of the hardware assets on their organizations’ networks are automatically discovered.

The study is based on seven key security controls required by a wide variety of security regulations, including PCI DSS, SOX, NERC CIP, MAS TRM, NIST 800-53 and IRS 1075.


