Are concerns about cybersecurity just talk?
BUSINESSES understand the growing importance of protecting their company against cyber incidents such as network breaches, data thefts, and frauds.
However, as hackers get more competent and find better tools to aid them in their malicious plans, IT professionals seem to feel like they’re fighting a losing battle and are losing confidence in their security software.
According to a new study by LogRhythm, over 60 percent of IT executives are only somewhat confident that their security software can detect all major breaches. Likewise, they are only moderately confident that they can protect their companies from hackers.
— David Chou (@dchou1107) March 22, 2018
Further, decision makers surveyed revealed that they have only moderate positive confidence in their cybersecurity measures and abilities—suggesting an attitude that is more hopeful than truly confident.
The study, which surveyed 751 IT decision makers from the US, the UK, and the APAC region, found that less than half of all organizations were able to detect a major cybersecurity incident within one hour. And, less than one-third said that even if they detected a major incident, they would be unable to contain it within an hour.
The results are also consistent with findings from Tenable’s 2017 Global Cybersecurity Assurance Report Card released in December last year. It surveyed 700 security practitioners in nine countries and across seven industry verticals and found that global cybersecurity confidence fell six points over 2016 to earn an overall score of 70 percent — a “C-grade” on the report card.
Security maturity and funding
LogRhythm’s study found that many companies are focused on growing their security maturity and employ about 12 cybersecurity professionals in their organization, on average.
More than 70 percent of respondents also said that they have programs in place to detect specific threats, such as ransomware, insider or employee threats, and denial of service attacks.
The vast majority of IT decision makers—95 percent—also use security software to prevent and react to threats. And more than a quarter deploy at least 10 security software solutions to manage security threats.
However, despite being focused on growing their security maturity, organizations seem to forget to allocate reasonable budgets to it.
The study found that the percentage of resources allocated to cybersecurity from the overall IT budget is often on the low side. Overall, one-third of executives allocate 10 percent or less of their IT budget to security. Regionally, the U.S. had the lowest rate, and Asia-Pacific the highest.
The level of confidence in one’s security also depends on variables such as the implementation of programs that target specific types of threats, and LogRhythm’s survey found that decision-makers who did not report having programs to protect against threats such as ransomware, insider threats, and service denial attacks were less confident in their security programs.
As things stand, findings from the survey indicate that there’s a lot of conversation about cybersecurity and why it needs focus, but companies need to work harder if they want to keep intruders out of their ‘business’.