The results of a 2015 Incident Detection and Response Survey conducted by security analytics provider Rapid7 were released last week, and the findings should raise some eyebrows. They derive from a survey of 271 security professionals at organizations of various sizes from all over the world, who were asked to focus on their biggest security concerns and planned initiatives for 2016.
The survey concluded that while 90% of organizations are worried about compromised credentials, an alarming 60% say they cannot detect these types of attacks today. Even more troublesome is that 62% of organizations are receiving more alerts than they can possibly investigate.
These are jarring statistics, considering compromised credentials have been the leading attack route for the last five years according to the Verizon 2015 Data Breach and Investigations Report.
Even more jarring: Once they breach a network, intruders remain undetected for an average of 197 days within retail organizations and 98 days within financial services organizations.
Most participating companies have begun to take steps to better secure their environment. A clear majority of security teams (73%) have either deployed SIEM or are planning to do so. But there are only so many hours in the day, and security teams have limited resources. They still have to face the disparity between how many alerts are generated and how many can actually be investigated.
As we said above, 62% of the professionals surveyed said their organization receives more daily alerts than can be viewed, investigated and remediated. A full 76% of respondents are not comfortable investigating more than 25 alerts a day, even though 29% are receiving more than 75 alerts every day.
The Verizon report identified the top three attack vectors as compromised credentials, malware, and phishing. Companies must ensure that attacks leveraging any of these methods can be detected and addressed immediately.
And yet over a third of those surveyed (from organizations of all sizes across industries such as healthcare, finance, retail, and government) admitted they either don’t have visibility into the risks their network faces or lack the resources to address them.
What’s worse…not knowing the risk, or knowing but being incapable of alleviating it? (Hint: Either way, it’s not good.)
Don’t be left in the dark when it comes to YOUR company’s data security. Contact SLPowers today and speak with an industry expert about putting a comprehensive security solution in place for your business.
Image Source: Rapid7