What makes achieving cyber resilience difficult?

Anomali published a report which provides visibility into the current threat landscape, reveals the top challenges to establishing a resilient cybersecurity posture, and provides details on how enterprises are adjusting their cybersecurity strategies.


The research team analyzed the findings from the commissioned Harris Poll of 800 cybersecurity decision makers to provide insights on how to overcome obstacles and improve detection and response capabilities to stop not only breaches, but also attackers.

Cybersecurity decision makers surveyed came from global enterprises based in all regions with 5,000 employees or more. Because COVID-19 has had a profound influence on cybersecurity, we asked them questions about their organizations ranging back to 2019, helping us to better understand the state of resilience before the pandemic and how it has impacted their organizations.

The current threat landscape

  • 87 percent of enterprise security decision makers were the victims of successful cyberattacks that resulted in damage, disruption, or a breach to their business in the past 3 years. Since the pandemic started, 83 percent have experienced more attempted cyberattacks and 87 percent report an increase in phishing emails, with many leveraging COVID-19-related themes.
  • 52 percent of enterprise security decision makers have been impacted by ransomware attacks in the past 3 years. 39 percent of those impacted paid a ransom. Of these, 58 percent paid $100,000 to just under a million, and 7 percent spent a million dollars or more.
  • Overall losses due to cyberattacks, phishing email campaigns, and data breaches jumped significantly between 2019 and 2020. In 2019, 15 percent of organizations reported losses of $500,000 or more; in 2020 this almost doubled to 28 percent (2021 losses were not available during the survey period).

Key reasons why achieving cyber resilience is difficult

  • Only 49 percent of enterprise security decision makers strongly agree that their cybersecurity teams can quickly prioritize threats based on trends, severity, and potential impact on their organization.
  • On average, enterprise security decision makers are taking several days to detect known cyberattacks coming from adversaries that include cybercriminal organizations (3.6 days), individual hackers (3.5 days), APTs (3.3 days), and nation states (2.9 days). After the SolarWinds breach was known, on average it took organizations 2.9 days to respond and 3.1 days to recover.
  • Only 46 percent of enterprise security decision makers strongly agree that their cyber-protection technologies can evolve to detect new globally identified threats. 32 percent strongly agree their team struggles to keep up with the rapidly changing cybersecurity threat landscape.

How enterprises are adapting strategies

  • To address the detection gaps that legacy technologies leave open, security decision makers are turning to new tech and are currently using innovations such as threat intelligence (59%), extended detection and response (XDR) technologies (48%), and the MITRE ATT&CK Framework (43%).
  • 78 percent of security decision makers have re-evaluated cybersecurity strategies since the start of the pandemic, and 74 percent say their budgets for cybersecurity have increased over the past year. They report, on average, that 38 percent of their overall budget is now devoted to cybersecurity.
  • When evaluating new cybersecurity technologies, security decision makers say the top attribute they consider essential is whether it has a high level of support available to users (48%). Ease of use was ranked second at 46 percent, and the ability to integrate with other cybersecurity systems and functions across other parts of the organization was rated third at 44 percent. The least important considerations were ROI (33%) and cost (26%).

Analysis and advice

  • Big data – Cybersecurity professionals are now using big data analytics to identify threats before they happen. By integrating tools that leverage vast amounts of big data, including indicators of compromise (IOCs), observed behaviors, adversary knowledge, and threat models, organizations can know immediately if threats are attacking or present in their networks.
  • Threat intelligence sharing – Only 52 percent of enterprise security decision makers believe their organizations are very effective when it comes to sharing threat intelligence across internal resources. Organizations need to adopt solutions that can automate and operationalize threat intelligence across the entirety of their security infrastructure, so that people, processes, and security controls can benefit from all available data for smarter decision making and immediate response.
  • Adversary motives – Nearly half of enterprise security decision makers admit they don’t understand adversaries’ motives very well. The persistent noise from threat actors of lower to mid-level sophistication can make indicators of compromise (IOCs) seem like a drop in the ocean. While all this is occurring, more sophisticated groups can hide in the noise while creating custom tools and malware, or abusing legitimate software, to conduct targeted attacks. Therefore, it is crucial to understand threat actors’ motives to know how they work and which adversaries may target your organization.

“We’ve known that cyberattacks have been increasing over the course of the pandemic, but we didn’t know to what degree global enterprises as a whole were being impacted. This new research reveals that adversaries have not only stepped up the number of attacks they have started launching since COVID-19 first struck the world, but have also greatly improved their success rates,” said Hugh Njemanze, President, Anomali.

“We were encouraged to learn that many organizations are devoting more resources to cybersecurity and adopting new technologies to become more resilient. We were also deeply concerned over how difficult it is for them to detect and respond to attackers before and after they’ve made their way into networks. This report will not only help the community to focus their investments in the right areas, but also help our research and product teams to deliver more efficient and effective solutions to the market.”
