Barkly recently released a survey of 350 IT professionals to gauge their confidence in the existing information security infrastructure. One key finding is that 50% have confidence in their current security posture. According to Barkly researchers, that means 50% are not confident. A Dark Reading article reported that Barkly co-founder and CTO Jack Danahy “found it startling that such a large number of respondents in the survey don’t trust their security solutions. ‘Around half of the people we talked to don’t have confidence in the choices that they’ve already made,’ says Danahy.” Given other market data, I’m surprised that half have any confidence at all.
Breaches Rise and Go Undiscovered
The Cyberthreat Defense Report from CyberEdge Group recently reported that 76% of the thousand companies it surveyed experienced a breach in 2015 and 62% expect at least one breach in 2016. Of course, the Cyberthreat Defense Report participants have shown a pattern of overconfidence over the past four years. Actual breaches have consistently outpaced expectations by 20-30 percent.
The Barkly report revealed that two-thirds of respondents suffered an average of 2.7 breaches last year, which is the same number that the largest companies experienced (see chart). What about the other third? They don’t know. If we break down the data further, we find that about one-quarter reported zero breaches. That appears to align closely with the Cyberthreat Defense Report findings, falling within a 1% variance. However, that 25% of the total sample is actually 38% of those who felt confident they knew their annual breach situation. This means that the 62% of respondents who could faithfully report on their 2015 breach situation actually suffered an average of 4.3 breaches during the year.
If we apply the Ponemon Institute global average cost of $3.5 million for each incident, these breached companies suffered $15 million in 2015 losses. Even at a 2.7 incident average, it would be nearly $9.5 million. The numbers are large. No wonder the Cyberthreat Defense Report found that 74% of information security teams expect a 2016 budget increase.
The other obvious question is whether the zero-reported-breaches cohort is actually correct in its assessment. Recent data from Mandiant suggest that breaches go undetected for an average of 146 days. However, that number is skewed by the most effective information security teams that reliably identify breaches on their own. This group represents 47% of companies and they report breach dwell times of only 56 days.
More than half of companies report that breaches were actually identified first by outsiders and not by in-house information security teams. These incidents had average dwell times of 320 days. It’s a fair assumption that a significant portion of the companies with zero reported incidents had an active breach that simply hadn’t been detected at the time of the survey.
Regaining Confidence in Information Security
There are two factors playing into the confidence assessment found by Barkly. First, the high likelihood of a breach invariably will undermine the confidence of teams in their existing information security infrastructure. Second, those companies that report breaches are dealing with multiple incidents annually. When you add in the factor of long dwell times and the heightened risk of significant work disruption, damage to customer relationships and high recovery costs, the concerns appear well founded. Both IT professionals and executives in the Barkly survey cited these as top impacts.
If there were solutions that could eliminate breaches, that would have the biggest impact on raising confidence. However, the rise in attack frequency and sophistication has driven industry sentiment to a reluctant acceptance of the high likelihood of breach. The biggest gap in most organizations is a lack of effective tools to detect and contextualize breaches. The second most important capability gap is an effective way to prioritize risks and vulnerabilities to ensure the most critical issues are addressed first and attack vectors are closed prior to exploit.
Analytics Can Improve Visibility and Confidence
These are two areas where information security analytics is playing a critical role today. The reason so many breaches have long dwell times is that the activity isn’t easily detected by a single system. Attackers have become more adept at applying techniques to evade specific detection approaches employed by infosec software and hardware vendors. However, the activity becomes visible when viewing data across the entire enterprise IT infrastructure. This is only possible with an analytics solution that can easily integrate data from a variety of proprietary and open-source systems and has the scalability to crunch large data sets.
If you would like to learn more about IKANOW Information Security Analytics, request a demo to see how analytics can reduce time to breach detection and increase analyst productivity by as much as 50%.
By Scott Raspa