Cloud

2/13/2018
10:25 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

One in Three Businesses Use Outdated Cybersecurity Tools to Address Next-Gen Threats

New research from Cyber adAPT and Ovum reveals that despite increased spending and frequency of threats, businesses are not fully equipped to face growing threat landscape.

February 7th 2018 – Dallas, Texas – A new report released today, commissioned by Cyber adAPT and conducted by Ovum, reveals that nearly a third (31%) of security teams depend solely on outdated tools such as basic search and monitoring for their cyber security needs.

The report, Business has a crucial need for continuous threat visibility and cyber security management services, collates insight from more than 6,000 senior business respondents, as well as in-depth interviews with CISOs, and demonstrates that cyber security spending is increasing at a rate of between 9%-12% each year.

Despite the rise in investment, the volume of attacks continues to skyrocket, with data breach incidents increasing by 40%. The report states that the amount of data lost has grown to unsustainable levels, with 1.9 billion records lost or stolen during the first half of 2017 – more data loss than 2016 as a whole.

This industry is however showing positive signals, with over two-thirds (69%) of security teams switching to a more evolved, analytical approach to defense. These include advanced security information and event management (SIEM), next-generation artificial intelligence (AI), machine learning (ML), and network analytics.

Kirsten Bay, President and CEO of Cyber adAPT, comments: “New generation technologies offer an exciting future for the cyber security industry. Many CISOs are struggling to persuade their boards to invest in new solutions, having failed to demonstrate the returns delivered by outdated tools – in fact, almost 60% of respondents thought they received poor value from their existing investments.”

For organizations not yet utilizing next generation analytics, over half (57%) of teams said they were not ready as the tools would be too difficult to integrate based on the internal skills and resources they draw upon.

Bay continues: “A platform approach, bolstered by AI and machine learning is set to offer real returns for cyber security customers. Technology will no longer rely on human input to detect threats and will prioritize alerts to streamline the CISOs workload, reducing the amount of time a threat is active inside a network.”

Half of organizations (50%) highlighted false positives as something they could not afford to waste time dealing with. Managed Security Services Providers (MSSPs) deliver prioritized threat data offering the potential to save time, 80% of CISOs stated they were prepared to work with a MSSP, and the report predicts this sector will account for more than 20% of total security market share by 2020.

Andrew Kellett, Principal Analyst, Infrastructure Solutions at Ovum, comments: “With an evolving threat landscape, CISOs are battling to equip organizations to improve security and data protection. The lack of available resources within internal teams creates a vulnerability that technology must address. Prioritizing risk must be the focus to ensure effective returns on cyber security investment and safeguard network infrastructures.”

A full copy of the report can be downloaded at: cyberadapt.com/Ovum

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
13 Russians Indicted for Massive Operation to Sway US Election
Kelly Sheridan, Associate Editor, Dark Reading,  2/16/2018
One in Three SOC Analysts Now Job-Hunting
Kelly Jackson Higgins, Executive Editor at Dark Reading,  2/12/2018
Can Android for Work Redefine Enterprise Mobile Security?
Satish Shetty, CEO, Codeproof Technologies,  2/13/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: One agent too many was installed on Bob's desktop.
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.