Cyber attackers are still riding the wave of success by attacking those surfing the web through their endpoint systems.
All the valuable data – logins, access credentials and more – are still being regularly accessed by hackers, SANS has found in their 3rd endpoint security survey.
After quizzing 829 IT professionals, they’ve concluded that there’s a clear need for a more proactive approach to detecting threats and compromises. 44% of respondents said their endpoint systems had been compromised over the last 2 years, with a brave 15% admitting they didn’t know how many threats were detected through actively hunting for them.
Over 1 in 4 respondents said it was a third party that notified them of the breach, rather than it being detected initially by the company under attack. So does someone, or something, need to get its act together? Or are the hackers one step ahead of the security community?
Well, we know that hackers are always looking for new methods and we know that they have several methods at their disposal – with new phishing methods, new exploit kits and the like cropping up left, right and centre. What’s more, methods that have been used consistently for decades (quite literally a lifetime in computing terms), such as DDoS attacks, have been found to evolve and change in nature to evade security measures, as found by companies such as Corero in their analyses.
Many experts have in the past cited a lack of network visibility as the core factor undermining their security posture. However, it depends who you ask and what experiences they’ve had in the past – ask the CISO of a company that was badly phished and they’ll say their end users are the weak point, as hackers target their lack of awareness in order to get in. Ask someone who’s had an APT lurking on their system for 12 months that then blew up and they’ll say it’s a visibility problem.
What SANS has found is that 41% of respondents said they were unable to acquire information about unauthorised sensitive data that they need to detect threats. Furthermore, 74% of those surveyed said that they want results from endpoint queries in an hour or less – 38% want that data in 5 minutes or less!
As is so often the case with apprehending crime and fraud, it appears that SPEED is of the essence, with the ability to act quickly being essential to prevent further damage and expense.