Despite 43% of businesses believing their biggest challenge in detecting and remediating threats is an over-abundance of tools
A worrying 73.48% of organisations feel they have wasted the majority of their cybersecurity budget on failing to remediate threats, despite having an over-abundance of security tools at their disposal. The survey conducted by Gurucul, the leader in security and fraud analytics technology, among 180 attendees at the 2022 RSA Conference was asked what attendees felt were the biggest threats to their security operations and efficiencies.
Only 25% of organisations consider their biggest threat to be from inside the business, despite insider threats increasing by 47% over the past two years. With only a quarter of businesses seeing their biggest threat emanating from inside their organisation, it seems over 70% saw the biggest cybersecurity challenges emanating from external threats such as ransomware. In fact, although external threats account for many security incidents, we must never forget to look beyond those external malicious and bad actors to insider threats to effectively secure corporate data and IP.
The survey also found 33% of respondents said they are able to detect threats within hours, while 27.07% even claimed they can detect threats in real-time. However, challenges persist with 33.15% of respondents stating that it still takes their organisation days and weeks to detect threats, with 6% not being able to detect them at all.
“Given the sophistication and attack-techniques that threat-actors deploy these days, even the ability to detect threats within hours isn’t fast enough, it still gives attackers plenty of time to gain a stable foothold within an organisation’s network,” comments Saryu Nayyar, CEO of Gurucul. “While these statistics are alarming, they aren’t surprising. What is worrying, however, is the number of respondents that don’t feel that insider threats can pose a danger to business. Particularly, with cybercriminal groups targeting individuals to recruit in order to help them gain access to networks. Fact is, 98% of companies are vulnerable to insider threats, and not enough is being done to prevent or protect against them.”
According to the study, 33.15% have spent hundreds of thousands of dollars trying to remediate threats and 15.47% said millions of dollars, demonstrating the extent to which organisations are willing to go to protect themselves against malicious actors. It also hints at the fact that many of these chosen solutions potentially don’t deliver the expected results; reflected in 41.99% believing approximately 50-100% of their budget has been wasted on these efforts.
Nayyar continues, “Despite organisations admitting to this, 28.7% are aware that speed is the key to remediating threats. The faster an organisation can identify and address new, emerging and unknown threats, the better protected it will be. This goes hand in hand with automation, which would allow organisations to foster 24/7 incident response, even over holiday periods or staff shortages, cultivating a much more robust cybersecurity culture.”