Organizations Pay the Price for Overconfidence in Prevention

By Greg Tavarez

Cybersecurity is critically important for organizations today. (If it’s not, it should be.) Yet more than 80% of organizations experienced a data breach in 2022, according to an IBM report. Funnily enough, viewed from the outside, alarm bells are not necessarily ringing to push businesses toward different cybersecurity actions against more sophisticated attacks.

In fact, countless organizations are confident that they are well-equipped with the tools and processes they need to identify and prevent intrusions and/or breaches, according to an Exabeam survey. So the confidence is high, despite eight out of ten organizations becoming victims of breaches in 2022?

Clearly something strategy-wise has gone wrong.

In its survey, Exabeam looked at what organizations prioritize in their cybersecurity strategies.

Security teams fail because they prioritize prevention over threat detection, investigation and response. They are overconfident in their ability to prevent, but not even 20% of the security professionals in the survey are in the 81%-100% range when it comes to visibility of their network. As one can imagine, bad actors then lurk in dark corners and the possibility of data breaches grows.

Exabeam dug even deeper with its survey and started to peel away the layers of confidence initially shown by security professionals.

Truth be told, the confidence they once had tends to drop when challenged. One such scenario is having to tell a manager or the board that no adversaries had breached the network at that time. According to the survey, 62% say yes, leaving more than a whopping third with doubts.

“Business leaders are asking, ‘Why do bad things keep happening?’ The answer is that security teams are overconfident,” said Tyler Farrar, Chief Information Security Officer, Exabeam. “Many vendors overpromise, leaving organizations with an ineffective SIEM that can't truly baseline normal behavior.”

Farrar and Exabeam went on to find that this overconfidence is leading to burnout among security teams. As attacks surge, security jobs are more demanding; security teams are unable to prevent crises from cropping up. They lack full visibility due to security product integration issues, are unable to manage the volume of detection alerts with too many false positives, and do not feel confident that they’ve resolved all problems on the network.

On false positives, it should be noted that some SIEMs don’t use behavioral analytics and can incorrectly flag legitimate user actions as malicious. This increases the number of false positive alerts teams must go through, adding to the rise in mental fatigue.

As a result, security teams can’t match pace with bad actors. According to the survey, just 11% scope the overall impact of detected malicious behaviors in less than one hour, 52% report they can analyze it in one to four hours, and 34% take five to 24 hours to identify high-priority anomalies.

To put into perspective the significance of falling behind, data exfiltration typically begins minutes into an attack, and adversaries can do significant damage in just a few hours.

“Despite significant spending on prevention tools, adversaries are still breaking into organizations using compromised credentials — which prevention solutions can’t detect,” said Sam Humphries, Head of Security Strategy, EMEA, Exabeam.

Humphries went on to say that organizations need to invest in detection tools with automated insights, behavioral analytics and processes provided by platforms like the New-Scale SIEM. Doing this enables security teams to be better positioned to detect, investigate and respond to bad actors.




Edited by Alex Passett
MSPToday Editor
