An international study shows that “the game has to change”, as protective measures often lag behind the attackers by years, the boardroom lags a decade behind the security discussions and the regulations need more input from the industry. […]
Vectra AI, a leading company in the field of detection and defense against cyber threats, has published an international study that shows how companies today deal with complex, modern cyber threats. The Vectra Security Leaders Research Report found that 89 percent of respondents believe that traditional approaches do not provide protection against modern threats and that “the game needs to be changed” in terms of dealing with attackers. For the international study, Vectra surveyed 200 IT security decision-makers who work in companies with more than 1,000 employees.
The report shows that outdated tools and ways of thinking prevent companies from protecting themselves against modern threats. Security leaders also believe that a new approach is needed to detect and stop attacks that are overtaking current tools. The main results are:
- 76 percent of security decision-makers say they bought tools that didn’t deliver what they promised. They cited poor integration, lack of detection of modern attacks and lack of transparency as the top three reasons.
- 69 percent believe that a security incident could have taken place without them knowing about it – a third (31 percent) consider this “likely”.
- 90 percent of respondents confirm that the recent high-profile attacks have led to the board starting to address the issue of cybersecurity.
- 69 percent believe that cybercriminals are overtaking current tools and that security innovations lag behind hackers’ innovations by years.
- More than half (54 percent) now invest as much, if not more, in detection as in protection, which indicates a positive departure from the mentality of prevention.
Andreas Riepen, Head of Central & Eastern Europe (CEE) at Vectra, comments: “Digital transformation is driving change at an ever-increasing speed. However, it’s not just the companies that are innovative, cybercriminals are too. As the threat landscape evolves, conventional defense measures are increasingly ineffective. Companies need modern tools that illuminate blind spots to create visibility from the cloud to the location. They need security officers who speak the language of business risks and boards who are willing to listen. And a technology strategy based on the understanding that it does not matter if, but when a security breach occurs.”
69 percent of respondents believe that cybercriminals are overtaking the current tools with their capabilities and that the security innovation lags behind the innovation of hackers by years.
This may be due in part to outdated security thinking and a lack of communication between the security teams and the board. 58 percent of respondents believe that the board is a decade behind when it comes to security discussions. 82 percent are convinced that the security decisions of the Management Board are influenced by existing relationships with old security and IT providers. Another 68 percent say it is difficult to convey the value of security to the board because it is notoriously difficult to measure. As a result, security managers are more dependent than ever on their partners in the channel. 86 percent say they are grateful to have a sales partner they can trust, as there are so many suppliers who all promise the same thing.
From the GDPR to the Network and Information Security Directive (NIS), cybersecurity practices and standards are governed by regulations. Regulation is of crucial importance when it comes to making companies accountable. However, 58 percent of respondents believe that legislators are not well equipped to make decisions on cybersecurity issues and called for more input from the industry and cooperation. In addition, 43 percent of respondents felt that regulators do not have a sufficient understanding of life “on the front line” to make laws for cybersecurity experts.
“As the security landscape is rapidly evolving and becoming more and more complex, attackers usually have an advantage. This means that security managers need to adopt a new approach to security that focuses on detection and response while moving away from prevention-oriented strategies,” says Riepen. “This new approach to security can create the right conditions for effective cyber risk management. For the entire international security industry to embrace this proactive culture, there needs to be greater communication and consultation between the Board and regulators to ensure that all parties use the same information base.”