A recent survey has shown that 73.48% of organisations feel they have wasted the majority of their cybersecurity budget on failing to remediate threats, despite having an over-abundance of security tools at their disposal. The survey was conducted by Gurucul among 180 attendees at the 2022 RSA Conference, and asked attendees about their opinions on the biggest threats to security operations and efficiencies.
Results also suggested that only 25% of organisations consider their biggest threat to be from inside the business. This is despite the fact that insider threats have increased by 47% over the past two years. With only a quarter of businesses seeing their biggest threat emanating from inside their organisation, it seems over 70% saw the biggest cybersecurity challenges emanating from external threats such as ransomware. In fact, although external threats account for many security incidents, it is vital that business leaders and information security teams never forget to look beyond those external malicious and bad actors to insider threats to effectively secure corporate data and IP.
Fortunately, the survey found that 33% of respondents said they are able to detect threats within hours, while 27.07% even claimed they can detect threats in real-time. Despite this, challenges still persist with 33.15% of respondents stating that it still takes their organisation days, even weeks, to detect threats, with 6% not being able to detect them at all.
“Given the sophistication and attack-techniques that threat-actors deploy these days, even the ability to detect threats within hours isn’t fast enough, it still gives attackers plenty of time to gain a stable foothold within an organisation’s network,” comments Saryu Nayyar, CEO of Gurucul. “While these statistics are alarming, they aren’t surprising. What is worrying, however, is the number of respondents that don’t feel that insider threats can pose a danger to business. Particularly, with cybercriminal groups targeting individuals to recruit in order to help them gain access to networks. Fact is, 98% of companies are vulnerable to insider threats, and not enough is being done to prevent or protect against them.”
According to the study, 33.15% have spent hundreds of thousands of dollars trying to remediate threats and 15.47% said millions of dollars, demonstrating the extent to which organisations are willing to go to protect themselves against malicious actors. It also hints at the fact that many of these chosen solutions potentially don’t deliver the expected results; reflected in 41.99% believing approximately 50-100% of their budget has been wasted on these efforts.
Nayyar concludes, “Despite organisations admitting to this, 28.7% are aware that speed is the key to remediating threats. The faster an organisation can identify and address new, emerging and unknown threats, the better protected it will be. This goes hand in hand with automation, which would allow organisations to foster 24/7 incident response, even over holiday periods or staff shortages, cultivating a much more robust cybersecurity culture.”