Cyberattack response time averages 2 days, report finds

The Transform Technology Summits start October 13th with Low-Code/No Code: Enabling Enterprise Agility. Register now!

Responding to cyberattacks takes the average company 20.9 hours, equating to over two working days. That’s according to a new report from Deep Instinct, which found that 86% of security professionals don’t have confidence that their fellow employees won’t click on malicious links, allowing threats into an environment to initiate breaches.

“Ransomware and malware attacks aren’t going away anytime soon. That’s why organizations need to better position themselves to combat potential threats with a pre-execution, prevention-first approach,” Deep Instinct CEO Guy Caspi said in a press release.

Deep Instinct’s report analyzed responses across 11 countries from 1,500 cybersecurity professionals who work for businesses with more than 1,000 employees. Respondents cited a lack of threat prevention specific to never-before-seen malware as one of their top concerns, followed by a shortage of qualified staffers and hidden persistence tactics. (Hidden persistence is where threat actors clandestinely maintain access to systems through restarts and changed credentials.)

The survey also found that nearly all respondents — 99% — believe that they don’t have every endpoint (e.g., laptop and smartphone) in their company secured by at least one software agent. Only one-third claim that all endpoints have the same level of protection, with a majority (60%) saying that they’re unable to consistently block threats across different endpoints.

Pandemic-related headwinds

A preponderance of evidence shows that workplace changes brought on by the pandemic present security teams with major challenges. The number of identities in the enterprise soared with remote work, according to the nonprofit Identity Defined Security Alliance, leading IT decision makers to become less confident in their ability to secure employee credentials. An HP Wolf Security study found that 83% of IT teams believe the increase in home workers has created a “ticking time bomb” for a corporate network breach. And 74% percent of companies attribute recent cyberattacks to vulnerabilities in technology put in place during the pandemic, Forrester reports.

“[Our] findings shed light on the multiple challenges that security teams face on a daily basis and provides insights into the serious needs that the industry needs to address,” Caspi continued.

Those surveyed by Deep Instinct also shared that cloud and file storage compromises remain difficult to remediate. Eighty percent report that files stored in the cloud are not checked for vulnerabilities, while 68% said they had at least some concern about fellow employees unwittingly uploading malicious files and compromising environments.

Indeed, cloud transformation is moving quickly, with 64% of companies expecting that they’ll be fully in the public cloud within five years, according to CloudCheckr. But adoption is outpacing security. Fugue reports that 36% of organizations have suffered a serious cloud leak or breach within the past year. And security professionals believe cloud providers’ efforts to ensure security for users is “just barely” adequate, with the majority saying that relying on multiple cloud providers creates security issues.

“This research exposes gaps in organizations’ security posture,” Caspi added. “[It includes] a lack of full coverage on the endpoint, exposure in cloud storage, and malicious file uploads by internal sources into production systems.”

VentureBeat

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Source: Read Full Article