Despite the money being poured into cybersecurity by IT departments, the leading cause of breaches of security controls was the failure of technology to detect an attack, a new survey from Trellix suggests.
Forty-two per cent of respondents to the international survey of infosec leaders whose organization had suffered a recent cyber attack said their technology didn’t detect the breach.
Other top causes (multiple responses were allowed) included a breach due to an attack on the organization’s supply chain (40 per cent); a missed vulnerability (40 per cent); an analyst missing an alert (38 per cent); and password misuse (36 per cent).
More significantly, the number of infosec leaders reporting the root cause of a successful cyber incident was lack of detection is increasing. Respondents said more than three years ago, technology not detecting an attack was the root cause of nine per cent of attacks. But in the past year it was the root cause of 22 per cent of attacks.
“It’s increasingly more likely technology cannot keep up with the attacker’s ability to penetrate their defenses,” the report concludes.
The study, called “The Mind of the CISO: Behind the Breach” interviewed 512 security leaders in medium to large organizations from 13 countries who have managed at least one major cybersecurity incident in the past five years.
Despite the seeming failure of technology to detect many breaches, respondents equally felt that people, processes, and technology needed an overhaul in the IT departments after a successful breach.
Many of those surveyed said in the aftermath of an attack, almost every process and technology was changed (multiple responses were allowed): Forty-six per cent of respondents said they got increased budgets, 44 per cent said they created regular reviews of capabilities, IT infrastructure and staffing, an equal number said they contracted with additional cybersecurity services such as incident response, 42 per cent said they rethought their overall cybersecurity strategy, and 41 per cent said they implemented new frameworks or standards.
Interestingly, few infosec leaders questioned found a successful breach of security controls was devastating to themselves. Ninety-one per cent of respondents slightly or strongly agreed they had an increase in motivation levels during the incident.
“Organizations need to prioritize building cyber resilience to prevent future attacks,” the report concludes. “This requires significant investment in the right people, processes, and technology solutions. As made evident in this research, CISOs are in need of additional resources and support, starting at the board level, to make the required investments, training, and overhaul needed to keep pace with the evolving threat landscape.
“New global regulations and legal ramifications in the wake of cyber incidents should help to prioritize the needs of CISOs moving forward, equipping them with the resources to effectively and efficiently manage cyber threats.”