Organizations still in the dark on cybersecurity problems

Jeff Debrosse, director, Websense Security Labs on cybersecurity

Jeff Debrosse, director, Websense Security Labs

A new report from the Ponemon Institute, sponsored by security vendor Websense, has found the cybersecurity industry remains subject to various problems in coping with advanced cybercriminals. Issues include deficits in security solution effectiveness, perceived disconnects between IT security professionals and company executives and security professionals, and limited visibility into attack activity.

“The three core areas in the study are a lack of available resources and tools, a disconnect on perceived valuable or confidential data, and a lack of insight into threats,” said Jeff Debrosse, Websense’s director of security research. The study was based on a survey of approximately 5000 security professionals in 15 countries, including the U.S. and Canada, with the majority of these coming from the enterprise.

A healthy majority think their security solutions are not effective.

“57% don’t think their organization is protected from cyberattacks, and 63% have specific doubts about the ability to stop threats from leaving the organization,” Debrosse said. “It’s not about the cost of the tools, but how they are layered.”

The study also found almost 7 in 10 believe that some threats will sneak through the defenses, even if most of the attack is stopped.

“69% have stated the threats are not being detected by their solutions,” Debrosse said. “At any given time, regardless of how big you are, there will be some threat actor in your network, so the issue is how do you go forward with that.”

Other security solution findings were 51% saying security solutions don’t inform them about root causes of attack, and 59% saying they do not have adequate intelligence or are unsure about attempted attacks.

“They are nervous and they want more information, and they want noise reduced,” Debrosse said. “They want to be able to better correlate the flood of SIEM log entries to what’s happening in the world.”

The study’s findings on the disconnect between IT and management on the perceived value of confidential data were dramatic – so dramatic that it conflicts with the views of both the Ponemon Institute and Websense.

“80% of IT pros said their company leadership didn’t include losing confidential data with loss of revenue,” Debrosse said. “That was the eye opening piece for me. I don’t think that’s accurate, and think management really does get their fiduciary duty. Breaches and regulation cost money.” Similarly, Ponemon Institute research, indicates the average cost of an organizational data breach is $5.4 million, and the average cost per lost or stolen record due to a data breach is $188 – which can actually be read as good news, since the cost per record has actually declined from over $200.

On the topic of the lack of data visibility, only 41% think they have a good understanding of the threat landscape, only 37% said they could be sure that their organization lost sensitive or confidential information in an attack, and 35%  who had lost sensitive or confidential information did not know exactly what data had been stolen.

“Those are concerning numbers, but not that surprising,” Debrosse said. “When it’s time to do data discovery, unless an audit has just been done, it will be discovered that information is where it shouldn’t be. They don’t know what has been lost because they don’t know where data is in the first place. They need to understand where data is resting.”

So how do companies turn these numbers into useful actionable takeaways?

“They need to look at this and see if these data speak to them,” Debrosse said. “They need to have that conversation between IT and higher management on how they are deploying security solutions.”

Debrosse also said companies need to look closely about the threat intelligence different vendors provide, because while some companies say they provide ‘real time defenses,’ it’s a squishy term.

“It’s critical because the longer the time between break-in and discovery of the compromise, the longer it takes to discover this has occurred, the harder it is to find out what happened, as things get moved around,” he said. “So the closer you can get to real time the better.”

Ultimately, Debrosse also stressed that the best solutions in the world won’t compensate completely for careless or dozy employees.

“It comes down to things like organizational cooperation, and communication and education,” he said. “No matter how good the solution, if someone clicks a link in an email, they can cause problems.”

This article originally appeared on eChannelLine.com.