New report reveals key concerns of threat management pros in 2020
FYI, this story is more than a year old
Attivo Networks has today revealed the results of its research into the most significant concerns of top threat management and cybersecurity professionals, with the report indicating many of the concerns highlighted in the previous year's research have been exacerbated.
User networks and endpoints are the biggest concern for 65% of survey respondents, an 11% increase from last year, according to the research released yesterday.
The increase, says Attivo, can be attributed to four factors:
- The evolution of an increasingly perimeter-less environment
- The sheer number of successful endpoint attacks
- The rising cost per endpoint breach
- Difficulties associated with quickly detecting a compromised system before an attacker can move laterally.
35% of respondents rated threats related to remoting working as an attack surface of concern – however, the survey was conducted before the COVID-19 pandemic struck, and Attivo expects this number to rise in future.
The report also found the cloud is a significant concern by 63% of respondents.
It attributes this to the continued migration of companies to IaaS and SaaS services and the concerns cybersecurity professionals have about securing these broad attack surfaces and shared security models.
Reducing attacker dwell time, or the length of time from when a breach occurs and when an organisation detects the breach, is becoming more of a significant issue, according to the survey.
Nearly two-thirds (64%) of respondents indicated that 100 days of dwell time seemed accurate or was too low, up three percentage points from last year.
In terms of dwell time, the most alarming statistic was the 7% jump year-on-year of respondents stating they were not tracking dwell time statistics.
Complementary security technology is seeing increased usage from last year. Respondents believe threat actors are most concerned about traffic analysis (44%), followed closely by deception technology and next-generation firewalls (both 40%), IDS (39%), SIEMs (37%), EDR/next-generation AV (27%), IAM (22%) and UEBA (15%).
Deception technology is also being increasingly employed to close detection gaps and efficiently covering attack surfaces such as endpoint, cloud, and inter-connected OT environments.
Malware and ransomware attacks continue to be top of mind for cybersecurity and threat management professionals, with 66% of respondents putting these types of attacks at the top of their list of concerns, a 5% increase from last year.
Attivo says this result indicates that anti-virus, firewalls, and other prevention technologies still struggle to detect and stop attacks and that different detection solutions and/or organizations need more layers of defence to halt these attacks.
“Much of this year’s research indicates a continued demand for in-network detection that works reliably across existing and emerging attack surfaces and is effective against all attack vectors,” says Attivo Networks chief deception officer Carolyn Crandall.
“Reducing dwell time has also become an increased focus, as well as adopting technologies that detect attackers inside the network early and accurately.
“A multi-layered strategy of complementary security controls that include new solutions like deception technology is proving to create the most effective control.”