Canadian Underwriter

IT professionals in the United States overconfident in cyberattack detection: study


February 12, 2016   by Canadian Underwriter



IT professionals in the United States are overconfident in their ability to detect cyberattacks, according to a study released on Thursday by Portland, Ore.-based Tripwire, Inc., a global provider of endpoint detection and response, security and compliance solutions.

71% of respondents believed that it would take “minutes or hours” to detect a configuration change to an endpoint on their organizations’ network.

Respondents to the study, conducted by Dimensional Research on behalf of Tripwire, displayed “high levels” of confidence in their ability to detect a data breach, even though they were unsure how long it would take automated tools to discover key indicators of compromise, Tripwire said in a statement.

For example, when asked how long it would take automated tools to detect unauthorized configuration changes to an endpoint on their organizations’ networks, 67% only had a general idea, were unsure or did not use automated tools. However, when asked how long it would take to detect a configuration change to an endpoint on their organizations’ networks, 71% believed it would happen within “minutes or hours.” Configuration changes are a hallmark of malicious covert activity, Tripwire noted in the statement.

The study – which included 763 IT professionals from retail, energy, financial services and public sector organizations in the U.S. – evaluated the confidence of IT professionals regarding the efficacy of seven key security controls that must be in place to quickly detect a cyberattack in progress. These controls include: accurate hardware inventory; accurate software inventory; continuous configuration management and hardening; comprehensive vulnerability management; patch management; log management; and identity and access management.

“When implemented across the organization, these controls deliver specific, actionable information that is necessary to defend against the most pervasive and dangerous cyberattacks, including nation-state sponsored attacks,” the statement said. “It is vital for organizations to identify indications of compromise quickly so that appropriate action can be taken before any damage is done.”

Additional study findings include:

• Sixty-one per cent of respondents working in the financial services sector said their automated tools do not pick up all the information necessary to identify the locations, departments and other critical details about unauthorized configuration changes to endpoint devices;

• Forty-eight per cent of energy and healthcare respondents said they had the lowest percentage of successful patches in a typical patch cycle, with a success rate of less than 80%;

• Nearly two-thirds (62%) of respondents were unsure how long it would take for automated tools to generate an alert if they detected an unauthorized device on the network, while 87% believed it would happen within hours;

• Nearly half (48%) of respondents working for federal government organizations said not all detected vulnerabilities are remediated within 15 to 30 days;

• Forty-two per cent of midmarket organizations do not detect all attempts to access files on local systems or network-accessible file shares by users who do not have the appropriate privileges; and

• Only 23% of respondents said that 90% of the hardware assets on their organizations’ networks are automatically discovered.

“All of these results fall into the ‘we can do that, but I’m not sure how long it takes’ category,” said Tim Erlin, director of IT security and risk strategy for Tripwire, in the statement. “It’s good news that most organizations are investing in basic security controls; however, IT managers and executives, who don’t have visibility into the time it takes to identify unauthorized changes and devices, are missing key information that’s necessary to defend themselves against cyberattacks.”

