Organisations across the globe are battling to stay on top of sophisticating cybercrime, a new report has found, with the majority of respondents unable to detect a breach within an hour.
Security intelligence company LogRhythm released its annual benchmark survey in which 751 IT decision makers from the United States, United Kingdom and Asia/Pacific region were interviewed about cyber security.
There was a strong focus on the ability of companies to detect and respond to cyberattacks.
Less than half of the organisations surveyed said they were able detect a major breach within one hour, while less than one-third said they would be able to contain a major incident within an hour.
Senior Regional Director for Asia Pacific & Japan at LogRhythm, Joanne Wong, explained that organisations needed to place a greater emphasis on their cyber security resources to navigate growing threats.
“Cyber threats continue to grow in volume and intensity,” she said.
“Seemingly every month, another massive security breach dominates the headlines.
“To combat these threats, organisations need to carefully plan their budgets and strategies, while developing effective programs that tackle specific threats and keep them one step ahead of cyberattackers.”
Resources and confidence
The report looked at the size and funding of cyber security teams from the organisations surveyed as an indicator of industry maturity.
On average, each company had 12 cyber professionals as part of their team, however, over half the respondents had fewer than ten professionals in their team.
In terms of investment, one third of the companies were shown to spend less than 10% of their IT budget on security.
A quarter of the IT executives surveyed stated they were not comfortable with their company’s level of cyber security funding.
These funding issues, alongside inabilities to consistently detect breaches, translated to a lack of confidence within the industry, with the report describing confidence levels amongst executives as “only moderately positive.”
Perspective from the other side
While the LogRhythm report highlighted the struggle businesses face when it comes to detecting a cyber breach, another recent report from software company Nuix, has revealed just how easily a hacker can get in.
The second annual Black Report surveyed hackers, penetration testers and incident responders from around the world.
Amongst the findings was the revelation that 40% of hackers said they could exfiltrate data in less than an hour and 33% could within five hours.
Additionally, 93% said their targets don’t detect attacks more than half the time.
“Hackers can keep using the same attack techniques because they still work—if it ain’t broke, don’t fix it,” said Nuix’s Head of Services, Security and Partner Integration, Chris Pogue.
“Again and again in the media, data breach victims claim they suffered unprecedented and highly sophisticated cyberattacks but the reality turns out to be that someone didn’t do their job properly.
“In the recent Equifax case, it was simply an older system that hadn’t been patched.”