The research reveals the point of view of IT leaders on security strategies and solutions based on prevention
Milan – 28 April 2022 — Vectra AI, a cybersecurity leader in detecting and remediating cyber threats for hybrid and multicloud enterprises, today released the results of its latest Security Leaders Research Report. The global research, conducted on 1,800 IT security managers in companies with over 1,000 employees[1], revealed that, from February 2021 to February 2022, 74% of respondents experienced a “significant” security issue within their organization that required a response effort.
This alarming statistic comes at a time when cyber threats are increasing and security and IT teams must meet ever-higher expectations to keep their organizations protected from these threats. 92% of respondents admitted they felt more pressured over the last year to keep their organization safe from cyberattacks.
The report highlights the security industry's inability to keep pace with evolving cybercrime tactics, techniques and procedures (TTPs). Security strategies and solutions based on a preventive approach, incapable of understanding the complexities of the behavior of modern cyber criminals, still remain the most widespread, leaving organizations exposed and exposed to a potential breach. Among the key findings of the research, it still emerges that:
– 83% of IT leaders believe that traditional approaches do not protect against modern threats and that the rules of the game need to be changed when it comes to tackling cybercriminals
– 79% of security managers have purchased tools that have proven to be unsuccessful, at least on one occasion; among the reasons for these failures, poor integration, the inability to detect modern attack types and the lack of visibility are cited
– almost 3 out of 4 organizations (equal to 72%) admit the possibility of having suffered a breach without knowing it; for 43% it is a circumstance considered "probable"
– 83% of respondents say their board of directors' security decisions are influenced by existing relationships with traditional IT and security vendors
– For 87% of respondents, recent attacks on high-profile companies have led boards of directors to start taking cybersecurity more seriously.
“Organizations should certainly try to make life as difficult as possible for cybercriminals, but that doesn't mean the focus on prevention should come at the expense of detection,” he said Tim Wade, Deputy Chief Technology Officer di Vectra. "Even if a cyber threat actor successfully gains access to a device or corporate network, there are still several stages of the attack chain to complete before achieving their goal. In a high-stakes game, such as cyber attacks, where criminals hold many trump cards, detection and response is the best option to minimize the impact of any breach as quickly as possible."
Not only did more than eight out of ten respondents (83%) recognize that traditional approaches do not protect against modern threats, but as many as 71% think that cybercriminals are overtaking traditional defense tools unchallenged and that security innovation is light years behind hackers. An additional 71% also believe that security guidelines, policies and tools are failing to keep pace with threat actors' TTPs. The current cybersecurity skills shortage was also cited by respondents as a barrier to overcoming traditional security strategies, with 50% of respondents believing that companies could add more security experts to their team.
"Digital transformation and modernization initiatives in the IT world are driving change at an ever-increasing pace. However, companies are not the only ones innovating: cybercriminals are doing so too," added Wade. "Organizations need security leaders who can speak the language of business risk and boards of directors who are ready to listen. But, above all, they need a technology strategy based not on the hypothesis, but on the assumption of compromise: the question to ask is not he The company will suffer a violation, but When”.
[1] The research was conducted on 1,800 IT security managers in companies with more than 1,000 employees in Italy, France, Spain, Germany, Sweden, Saudi Arabia, the United Arab Emirates and the United States, and with more than 500 employees in the Netherlands, Australia and New Zealand.
Research information
To download the Vectra Security Research Report, click who. To read the blog post, New data suggests it's time to change the way organizations deal with cyberattacks, click who.
[1] The research was conducted on 1,800 IT security managers in companies with more than 1,000 employees in Italy, France, Spain, Germany, Sweden, Saudi Arabia, the United Arab Emirates and the United States, and with more than 500 employees in the Netherlands, Australia and New Zealand.
