Vectra's search shows that the rules of the game must be changed: innovation is back years compared to the complexity of the attacks, the discussions of the board of at least one decade and the regulation needs more input by the sector
Vectra AI, leading supplier in the detection and resolution of computer threats, has published a new report that highlights how organizations are now facing complex and unpublished computer threats. The Security Leaders Research Report of Vectra notes that 89% of the respondents are convinced that traditional approaches are no longer able to protect infrastructures from new threats and that the rules of the game should be changed when it comes to dealing with attackers. The survey took part in 200 decision makers of the IT world and safety, which work in organizations with more than a thousand employees in the United Kingdom.
The report reveals how the security leaders now judge the traditional tools ineffective, which would prevent protecting organizations from new threats. The managers believe that a new approach to detect and stop the attacks that exceed the defenses of current instruments. In particular, the report highlighted some interesting data:
- 76% of security leaders purchased tools that did not prove to be up to the promises - poor integration, failure to detect modern attacks and lack of visibility are the three main reasons for the failures mentioned by the managers
- 69% think that their organization may have undergone a violation without the security team being noticed - a third of the sample considers it "probable"
- 90% of respondents say that recent high -profile attacks they pushed the Board of Directors to start taking computer security in due consideration
- 69% are convinced that cyber criminals are climbing the current tools and that innovation on safety is behind years compared to hackers
- More than half (54%) today invests in the detection as much as on protection (if not more), suggesting a positive change and the abandonment of a preventive mentality.
"Digital transformation pushes change at an increasingly faster rhythm. Yet companies are not the only ones to innovate: even the cyber criminals are doing it," he commented Massimiliano Galvagna, Country Manager for Italy of Vectra AI. "With the current evolution of the panorama of IT threats, traditional defenses are becoming progressively ineffective. Organizations need modern tools to have visibility from the cloud to the Hon Premise. They need leader of security that are intended for corporate risk, of the boards that are ready to listen and a technological strategy based on risk acceptance. Because the question is not he The company will suffer a violation, but When”.
Security leaders are now resigned to the idea that the attackers are a step forward, with 69% of the respondents convinced that IT criminals are circumventing the current defense tools and that the innovation on safety introduced by their company is behind years compared to that used by hackers.
This may be due in part to the traditional consideration reserved in companies in the world of security and the lack of communication between Security Team and Board of Directors. 58% of the sample believe that, when safety discusses, the Board of Directors is at least ten years back, while 82% believe that the decisions on the subject adopted by the board are influenced by the relationships already existing with traditional and IT security vendors. Another 68% support the difficulty of communicating the value of safety to the Board of Directors, as difficult to measure. Consequently, the leaders of security are more relying than ever on their channel partners: 85% say they are grateful to have a partner who trusted to guide him, in front of a high number of suppliers who promise all the same things.
From the GDPR to the Network and Information Security Directive, practice and IT security standards are modeled on the basis of regulation. Although this is crucial to maintain reliable organizations, the Vectra report found that 58% of respondents believe that legislators are not prepared enough to make decisions on cybersecurity subjects and ask for more inputs and collaboration by the sector. In addition, 43% of the sample interviewed claim that the regulators do not have a clear idea of what it means to be on the front line and what should be included in the laws aimed at cybersecurity professionals.
"With a rapid and increasingly complex safety panorama, attackers are ahead more often than it is believed. This means that security leaders must adopt an innovative approach that revolves around detection and response, moving away from preventive strategies", concludes Galvagna. "This new approach to security can create the right conditions for an effective management of IT risk, but, in order for the wider security sector to embrace this proactive culture, greater communication and consultation between the boards of administration and regulatory bodies is needed, to ensure that all the parties are on the same wavelength".
To download the Vectra Security Research Report, click who.
To find out more, visit the Page “New Research Uncovers How Top Security Teams Detect Cyberthreats” sul blog di Vectra.
