Cloud

2/13/2018
10:25 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

One in Three Businesses Use Outdated Cybersecurity Tools to Address Next-Gen Threats

New research from Cyber adAPT and Ovum reveals that despite increased spending and frequency of threats, businesses are not fully equipped to face growing threat landscape.

February 7th 2018 – Dallas, Texas – A new report released today, commissioned by Cyber adAPT and conducted by Ovum, reveals that nearly a third (31%) of security teams depend solely on outdated tools such as basic search and monitoring for their cyber security needs.

The report, Business has a crucial need for continuous threat visibility and cyber security management services, collates insight from more than 6,000 senior business respondents, as well as in-depth interviews with CISOs, and demonstrates that cyber security spending is increasing at a rate of between 9%-12% each year.

Despite the rise in investment, the volume of attacks continues to skyrocket, with data breach incidents increasing by 40%. The report states that the amount of data lost has grown to unsustainable levels, with 1.9 billion records lost or stolen during the first half of 2017 – more data loss than 2016 as a whole.

This industry is however showing positive signals, with over two-thirds (69%) of security teams switching to a more evolved, analytical approach to defense. These include advanced security information and event management (SIEM), next-generation artificial intelligence (AI), machine learning (ML), and network analytics.

Kirsten Bay, President and CEO of Cyber adAPT, comments: “New generation technologies offer an exciting future for the cyber security industry. Many CISOs are struggling to persuade their boards to invest in new solutions, having failed to demonstrate the returns delivered by outdated tools – in fact, almost 60% of respondents thought they received poor value from their existing investments.”

For organizations not yet utilizing next generation analytics, over half (57%) of teams said they were not ready as the tools would be too difficult to integrate based on the internal skills and resources they draw upon.

Bay continues: “A platform approach, bolstered by AI and machine learning is set to offer real returns for cyber security customers. Technology will no longer rely on human input to detect threats and will prioritize alerts to streamline the CISOs workload, reducing the amount of time a threat is active inside a network.”

Half of organizations (50%) highlighted false positives as something they could not afford to waste time dealing with. Managed Security Services Providers (MSSPs) deliver prioritized threat data offering the potential to save time, 80% of CISOs stated they were prepared to work with a MSSP, and the report predicts this sector will account for more than 20% of total security market share by 2020.

Andrew Kellett, Principal Analyst, Infrastructure Solutions at Ovum, comments: “With an evolving threat landscape, CISOs are battling to equip organizations to improve security and data protection. The lack of available resources within internal teams creates a vulnerability that technology must address. Prioritizing risk must be the focus to ensure effective returns on cyber security investment and safeguard network infrastructures.”

A full copy of the report can be downloaded at: cyberadapt.com/Ovum

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How the US Chooses Which Zero-Day Vulnerabilities to Stockpile
Ricardo Arroyo, Senior Technical Product Manager, Watchguard Technologies,  1/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He just showed up at my doorstep one day without a geotag."
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3906
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.
CVE-2019-3907
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).
CVE-2019-3908
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data.
CVE-2019-3909
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention.
CVE-2019-3910
PUBLISHED: 2019-01-18
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.