
Operational Security

4/20/2018
08:05 AM
Jeffrey Burt

Cyber Attacks Have Doubled, but Security Is Getting Better at Blocking Them

In a survey, Accenture said the number of targeted attacks like ransomware and DDoS is growing, but organizations are getting better and faster at detecting them.

Cybersecurity so far this year is offering a mix of good news, bad news and warnings, according to a report released this week by professional services company Accenture.

The bad news is that the number of targeted cyber attacks like ransomware and distributed denial-of-service (DDoS) has more than doubled this year, an indication of the increasing threats facing organizations undergoing dramatic digital transformations of their businesses.

However, companies have done dramatically better so far this year than in 2017 at protecting themselves against such attacks, detecting and blocking 87% of the breaches compared with 70% last year, according to Accenture's report "2018 State of Cyber Resilience," which was released as the RSA Conference 2018 got underway in San Francisco. That said, the study's authors noted that even with only 13% of targeted attacks getting through the defenses, organizations are still seeing an average of 30 successful breaches a year, and they warned that companies must continue to invest in security solutions and embrace emerging technologies like artificial intelligence, machine learning and automation.


"The research shows that 83 percent of survey respondents believe that breakthrough technologies, such as artificial intelligence (AI), machine or deep learning, user behavior analytics, and blockchain, are essential to securing the future of their organizations," the authors wrote in their report. "Indeed, it is breakthrough technologies that will drive the next round of cyber resilience -- although only two out of five business leaders are already investing in areas like machine learning/AI and automation." (See Automation Is a Key to Future Enterprise Security Report.)

Accenture surveyed 4,600 enterprise security professionals at companies from more than 15 countries and with more than $1 billion in revenue. The survey ran from January to March and found an average of 232 attacks this year compared with 106 in 2017, with the attacks designed to get past network security and either cause damage or steal data or other corporate assets.

"Over the past year, there are a number of areas where organizations have improved their cyber resilience as they get better at detection, prevention and collaboration," Ryan LaSalle, global managing director for Accenture Security, Growth and Strategy and Cyber Defense Lead, wrote in an email to Security Now. "We believe the increase in attacks can be attributed to both the increased threat activity in the market and also the results of increased detection coverage across organizations. We're also seeing a change in the reporting structure and governance for cybersecurity, with two-thirds of CEOs and boards now having direct oversight of cybersecurity. Budget authorization is also elevated with CEOs and boards now approving 59% compared with only 33% last year. This provides strong evidence for the benefits of connecting security improvement to better risk governance and business engagement."

Collaboration improves cybersecurity
The collaboration not only within security teams but also outside of them has been important. Security teams within an organization are finding 64% of breaches, about the same as last year, the survey found. Of the attacks that the security teams don't detect, 38% are found by others in the security community -- such as white-hat hackers -- or through peers or competitors (up from 15% in 2017). The authors noted that there is safety in numbers when dealing with cyber threats.

Another sign of success: Security teams are finding the attacks faster, whittling the average time of detection from months and years to weeks and sometimes days. Eighty-nine percent of survey respondents said their internal security teams had detected a breach within a month; last year that number was at 32%.

In addition, 55% of companies took a week or less to detect an attack, compared with 10% in 2017.

All that said, the Accenture researchers said enterprises should be sure to keep their focus on security -- only 67% of their organizations are protected by their cybersecurity initiatives -- and not lose sight of the fact that threats can come from the inside as easily as the outside. That's where continued -- and wise -- investments come in. Ninety percent of survey respondents said they expect their companies will invest more in cybersecurity over the next three years, but only 31% said the increases will be significant (at least double what they're spending now).



In addition, that spending should take advantage of the emerging technologies that will be crucial to cybersecurity, including AI, machine learning, user behavior analytics and blockchain.

While more than 80% of respondents said they understand the importance of such technologies, so far the investments are not backing that up. The majority of respondents said that, given additional money, they'd invest to either fill gaps or add innovations in cybersecurity, and already half or more of them said they are spending on security around the Internet of Things (IoT), security intelligence platforms and blockchain. (See Beyond Bitcoin: How Blockchain Can Benefit IoT Security.)

"So, executives agree advanced technologies are essential and they would commit funding to them if they could, but in practice, just two out of five are investing in machine learning/AI and automation technologies, to evolve their security programs," the authors wrote, noting that 83% said their organizations have completely embedded security into their culture. "It may be a case of overactive optimism... yet, if only 40 percent are committing investments to breakthrough technologies like machine learning/AI and automation, this number needs to increase to optimize the opportunity."

Another point is that cyber criminals also are using such emerging technologies.

"We believe that AI/machine learning will play a huge role in the future of combatting cyber attacks," LaSalle wrote. "Threat intelligence from our iDefense team has already identified the use of advanced business models and technologies -- including AI/machine learning -- to develop more effective attacks. New technologies can provide a reliable, consistent and automated way to monitor for unusual behavior and control the process of access provisioning. They can scale the defenders and enable smarter automation to detect better and respond faster."

Accenture recommended several steps to improve an organization's resilience against cyber threats, including hardening high-value assets, using breakthrough technologies, evolving the role of the CISO to include deep expertise in both security and business, using threat-hunting technologies and pressure testing the cyber-attack defenses.


— Jeffrey Burt is a long-time tech journalist whose work has appeared in such publications as eWEEK, The Next Platform and Channelnomics.
