Cybersecurity is of extremely high importance for organizations today. (If it isn't, it should be.) Yet more than 80% of organizations experienced a data breach in 2022, according to an IBM report. Oddly enough, viewed from the outside, alarm bells are not necessarily ringing for businesses to change their cybersecurity approach in the face of more sophisticated attacks.
In fact, countless organizations are confident that they are well equipped with the tools and processes they need to identify and prevent intrusions and breaches, according to an Exabeam survey. So confidence is high, even though eight out of ten organizations fell victim to breaches in 2022?
Clearly something strategy-wise has gone wrong.
In its survey, Exabeam looked at what organizations prioritize in their cybersecurity strategies.
Security teams fail because they prioritize prevention over threat detection, investigation and response. They are overconfident in their ability to prevent attacks, yet fewer than 20% of the security professionals surveyed report 81%-100% visibility into their network. As one can imagine, bad actors then lurk in the unmonitored corners and the likelihood of a data breach grows.
Exabeam dug even deeper with its survey and started to peel away the layers of confidence initially shown by security professionals.
Truth be told, that confidence tends to drop when challenged. Asked, for example, whether they could tell a manager or the board that no adversary had breached the network at that moment, only 62% say yes, leaving more than a third with doubts.
“Business leaders are asking, ‘Why do bad things keep happening?’ The answer is that security teams are overconfident,” said Tyler Farrar, Chief Information Security Officer, Exabeam. “Many vendors overpromise, leaving organizations with an ineffective SIEM that can't truly baseline normal behavior.”
Farrar and Exabeam went on to find that this overconfidence is leading to burnout among security teams. As attacks surge, security jobs are more demanding; security teams are unable to prevent crises from cropping up. They lack full visibility due to security product integration issues, are unable to manage the volume of detection alerts with too many false positives, and do not feel confident that they’ve resolved all problems on the network.
Regarding false positives, it should be noted that some SIEMs don't use behavioral analytics and can incorrectly flag legitimate user actions as malicious. This increases the number of false-positive alerts teams must work through, adding to mental fatigue.
As a result, security teams can't keep pace with bad actors. According to the survey, just 11% can scope the overall impact of detected malicious behaviors in less than one hour, 52% report they can analyze it in one to four hours, and 34% take five to 24 hours to identify high-priority anomalies.
To put into perspective the significance of falling behind, data exfiltration typically begins minutes into an attack, and adversaries can do significant damage in just a few hours.
“Despite significant spending on prevention tools, adversaries are still breaking into organizations using compromised credentials — which prevention solutions can’t detect,” said Sam Humphries, Head of Security Strategy, EMEA, Exabeam.
Humphries went on to say that organizations need to invest in detection tools with automated insights, behavioral analytics and processes, provided by platforms like the New-Scale SIEM. Doing so puts security teams in a better position to detect, investigate and respond to bad actors.
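To make the two points above concrete (a static SIEM rule generating false positives on legitimate user activity, and a valid-credential login from an adversary that a prevention control accepts), here is a small added example, not code from Exabeam or the New-Scale SIEM. It learns a per-user baseline of source hosts and login hours from a constructed set of successful authentications (the log format and all addresses are made up for the example), then compares a naive "off-hours login" rule with a baseline-deviation score on a few new events.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample of successful logins used to learn "normal" per user.
# Log format and hosts are hypothetical, invented for this example.
BASELINE_LOG = [
    "2022-05-02T08:15:00 user=alice src=10.0.1.20 result=success",
    "2022-05-02T17:40:00 user=alice src=10.0.1.20 result=success",
    "2022-05-03T09:05:00 user=alice src=10.0.1.21 result=success",
    "2022-05-02T09:30:00 user=bob src=10.0.2.40 result=success",
    "2022-05-03T10:10:00 user=bob src=10.0.2.40 result=success",
    "2022-05-04T11:00:00 user=bob src=10.0.2.40 result=success",
]

# Constructed new events to triage (also hypothetical).
NEW_LOG = [
    # alice starts early from her usual workstation: legitimate, just off-hours
    "2022-05-05T07:05:00 user=alice src=10.0.1.20 result=success",
    # bob's password used at night from a host never seen before
    "2022-05-05T03:40:00 user=bob src=203.0.113.9 result=success",
    # alice, normal hour, normal host
    "2022-05-05T09:00:00 user=alice src=10.0.1.20 result=success",
    # bob's password used during business hours from an unseen host
    "2022-05-05T10:00:00 user=bob src=198.51.100.7 result=success",
]


def parse(line):
    """Turn one 'ts key=value ...' line into a dict with a datetime under 'ts'."""
    ts, *fields = line.split()
    event = dict(f.split("=", 1) for f in fields)
    event["ts"] = datetime.fromisoformat(ts)
    return event


def build_baseline(lines):
    """Per user: the set of source hosts and login hours seen in successful logins."""
    baseline = defaultdict(lambda: {"hosts": set(), "hours": set()})
    for ev in map(parse, lines):
        if ev["result"] != "success":
            continue
        baseline[ev["user"]]["hosts"].add(ev["src"])
        baseline[ev["user"]]["hours"].add(ev["ts"].hour)
    return baseline


def static_rule(event, start=8, end=18):
    """Naive static rule: alert on any login outside a fixed business-hours window."""
    return not (start <= event["ts"].hour < end)


def behavioral_score(event, baseline):
    """Score how far a successful login deviates from the user's own history.
    A never-seen source host weighs more than an unusual hour."""
    profile = baseline.get(event["user"])
    if profile is None:
        return 3  # no history for this account at all: treat as fully anomalous
    score = 0
    if event["src"] not in profile["hosts"]:
        score += 2
    if event["ts"].hour not in profile["hours"]:
        score += 1
    return score


def triage(lines, baseline, threshold=2):
    """Run both detectors over successful logins and report who would alert."""
    results = []
    for ev in map(parse, lines):
        if ev["result"] != "success":
            continue
        results.append({
            "user": ev["user"],
            "src": ev["src"],
            "static_alert": static_rule(ev),
            "behavioral_alert": behavioral_score(ev, baseline) >= threshold,
        })
    return results


if __name__ == "__main__":
    for row in triage(NEW_LOG, build_baseline(BASELINE_LOG)):
        print(row)
```

On the constructed events, the static rule alerts on alice's early start (a false positive) and stays silent on bob's credential being used from a new host during business hours, while the baseline score does the opposite: it ignores the early start from a known host and flags both uses of bob's credential from unseen hosts. A valid password is what the prevention layer checks; the deviation from the account's own history is what the detection layer can see.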
Edited by Alex Passett