Are IT security pros optimistic or naïve?

Half of IT security practitioners in the U.S. view their organization as an unlikely target for attack, according to a Ponemon Institute survey of 614 U.S. IT security practitioners who are familiar with the threat detection technologies deployed by their organization and are involved in advanced threat detection activities.

This largely positive outlook could be contributing to a lack of cyber-preparedness as 61 percent of respondents admitted a lack of confidence in their organization’s ability to detect advanced threats.

“This research reveals some major disconnects that IT professionals seem to have between perception and reality. While even circumstantial evidence points to the increasing volume and severity of cyberthreats, it’s shocking to learn that half of security pros don’t even view themselves as a target,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “We’re also seeing discrepancies in the way teams are viewing and reacting to advanced persistent threats. Overall, they’re not confident in their ability to detect advanced threats, but they’re not doing much about it. It’s clear that new solutions are needed.”

When asked what type of cyberattacks cause the greatest concern, the most common answer by far was advanced persistent threats (67 percent), followed by zero-day attacks (57 percent) and login attacks (37 percent).

Despite this high level of concern and a lack of confidence in their ability to detect advanced threats, respondents expressed a surprising disconnect in their urgency to make changes that would address these issues. When asked how their use of advanced threat detection technologies would change 12 months from now, 49 percent said their usage would either not change (43 percent) or decrease (6 percent).

While only 36 percent of respondents are using security analytics, a vast majority see the impact:

  • 90 percent believe security analytics is either essential (19 percent), very important (45 percent) or important (26 percent) to their organization’s ability to maintain strong security.
  • Security analytics helps improve the speed at which indicators of compromise are detected. While studies consistently show that data breaches can persist for months before being detected, respondents say their company receives intelligence within seconds (6 percent), minutes (11 percent) or hours (34 percent) once security analytics has detected an anomaly.

Respondents shared insight into their perception and usage of machine intelligence:

  • 83 percent believe machine learning is important to achieving a strong cybersecurity posture.
  • A core competency of machine learning behavioral analytics – “baselining” normal behavior – is viewed as important, but is underutilized. Fifty-nine percent of respondents believe spotting the difference between abnormal and normal behavior is important to identifying suspicious artifacts that could verify potential intrusions. However, only 38 percent say their IT security team can do so.
  • The main reasons for investing in machine-generated solutions are to speed up the detection of anomalies (65 percent of respondents), increase the speed of intelligence generation (55 percent of respondents), improve the accuracy of intelligence (50 percent of respondents) and reduce the severity of attacks experienced (49 percent of respondents).
  • To assess the value of machine-generated intelligence, companies are most likely to measure both the increased ability to respond quickly to an existing cyberattack and whether they could successfully prevent the exfiltration of confidential information.