LogRhythm has published the results of new research into the cyber practices of large UK enterprises. The survey of 1,500 IT professionals from organisations with over 1,000 employees revealed that only 15 percent feel confident in their organisation’s cybersecurity capabilities when they see news of a big data breach in the media. In fact, over a third (38 percent) are driven to make additional investments when a high-profile data breach occurs. Other key findings included:
- 47 percent of enterprises review their security defences once a quarter
- The primary reason firms review their security defences is to meet regulations (46 percent), whilst 40 percent state existing tools that detect anomalous activity push them to invest in new tools
- Nearly one year on, only 32 percent feel confident they can meet every GDPR requirement
- 19 percent of IT professionals are worried they will lose their job should they suffer a data breach
“These results are worrying as whilst firms have expressed concerns about the regular occurrence of data breaches hitting today’s headlines, it seems like there’s still a long way to go when it comes to addressing their own cybersecurity capabilities,” said Ross Brewer, VP & MD EMEA, LogRhythm. “Today’s hackers are smart, creative and persistent enough for even the most well-equipped business to be compromised. Having the most up-to-date, sophisticated tools in place is key in combatting modern-day threats.”
The research also revealed that the three biggest challenges faced by IT professionals are the inability to detect the full range of threats (34 percent), difficulty in finding skilled cyber professionals for their teams (34 percent), and limited budget to invest in cyber defences (33 percent). It’s unsurprising then that a similar proportion (32 percent) worry about the lack of time and staff to identify and mitigate today’s threats manually.
One clear reason for these worries is a decided lack of automation when it comes to threat detection. Only 23 percent of companies have a fully automated playbook to help improve responses to alerts. Slightly more firms (30 percent) are using a Security Information and Event Management (SIEM) approach and just over a quarter (28 percent) have User and Entity Behaviour Analytics (UEBA) in place. For those that are using SIEM, the biggest benefits are faster detection and response (21 percent) and enhanced compliance (18 percent).
“The volume and variety of security threats have both increased greatly over the last few years, to the point where manual detection is all but impossible,” continued Brewer. “The correlation between a lack of automation in threat detection and overstretched security teams makes sense, but the fact that these are some of the largest organisations in the country is cause for concern.
“These companies have the largest networks, the most valuable data and are key targets for cybercrime. Cybersecurity teams are suffering from a broad range of pressures – from threat detection, new regulation and the skills shortage – and more clearly needs to be done to alleviate these pressures. The allocation of more budget towards automation of threat detection is one way that this could be achieved, and failure to do so may well prove costly in the future.”