Incident response takes two working days

One in four UK organisations cite the volume of false positives as being one of the biggest challenges facing their business.

Thursday, 14th October 2021, by Phil Alsop

Deep Instinct, the first company to develop a purpose-built deep learning framework for cybersecurity, has released the second edition of its bi-annual Voice of SecOps Report. The research, which seeks to discover the cyber security concerns keeping CISOs and SecOps professionals up at night, found that 86% of UK respondents believe it is not possible to fully prevent ransomware and malware attacks from compromising their organisations' defences. It also found that the rise in the number of endpoints that businesses need to protect continues to be a key source of risk exposure.

The research, which surveyed 1,500 cyber security professionals globally – including 200 UK decision makers – discovered the difficulties that UK organisations are experiencing in maintaining a consistent security posture across their organisations. Highlighting how endpoint exposure remains a cause for concern, one third of endpoints deployed in the UK currently have no security agent installed. Furthermore, 70 percent of UK businesses say that they cannot ensure that every endpoint has the same level of protection. This is compounded by almost two thirds (65 percent) saying they cannot guarantee every endpoint has the same level of visibility for consistent patching, or that every endpoint is secured against the same threats (62 percent).

When examining the challenges facing organisations in detecting threats present within the network, 24 percent of respondents cited the volume of false positives as being one of the biggest barriers – higher than the global average of 18 percent. However, 47% said that the lack of threat prevention specific to the volume of never-before-seen malware was the top concern.

While the time taken to investigate threats once discovered was of concern to 42 percent of UK respondents, the findings also revealed that the average response time to a cyber incident is 20.2 hours – more than two ‘working’ days, in line with the global average of 20.9 hours. The time delay in responding to an incident opens the possibility for more damage to be done by the attacker and leaves fewer resources for basic security hygiene.

The continued move by organisations to enable greater collaboration between users, partners, suppliers, and customers, by allowing third parties to upload documents and files to the cloud, has left UK businesses concerned about their own cloud-based apps being used as a threat vector. The research found that almost two thirds (62 percent) of UK businesses are concerned that third parties will upload malicious files to their cloud repository, and only a quarter (24%) have “complete” confidence that their cloud/local repository files don’t already hold malicious files.

“In this research, CISOs and SecOps teams have clearly identified the challenges they are facing daily, including a lack of consistent and thorough endpoint security, exposed cloud storage, malicious file uploads and, crucially, the time taken to resolve identified threats,” said Brooks Wallace, VP EMEA at Deep Instinct. “Ransomware and the constant barrage of new malware variants aren’t going to disappear anytime soon; in fact, reality tells us that it can only get worse. There isn’t time to waste when it comes to stopping a threat; it must be prevented within milliseconds, before it has the chance to take hold and laterally move through the network. It is imperative that organisations adopt a security-first strategy to combat the gaps that exist in their security posture.”

Additional global highlights from the report include:

• 99 percent of respondents surveyed reported that they did not believe all their endpoints were protected by at least one security agent.

• Hidden persistence, whereby threat actors discreetly maintain long-term access to systems despite disruptions such as restarts or changed credentials, is the most feared tactic used by attackers to launch large-scale attacks (40 percent).

• Lack of qualified SecOps staff (35 percent) causes challenges for incident response.

• 45 percent believe it is currently possible to prevent all malware threats from infiltrating their organisation’s network and 66% believe it may be possible to prevent all malware threats from infiltrating their organisation’s network in the next 2-5 years.