sb-eu logo
Story image

New report reveals key concerns of threat management pros in 2020

22 Apr 2020

Attivo Networks has today revealed the results of its research into the most significant concerns of top threat management and cybersecurity professionals, with the report indicating many of the concerns highlighted in the previous year's research have been exacerbated. 

User networks and endpoints are the biggest concern for 65% of survey respondents, an 11% increase from last year, according to the research released yesterday.

The increase, says Attivo, can be attributed to four factors:

  • The evolution of an increasingly perimeter-less environment
  • The sheer number of successful endpoint attacks
  • The rising cost per endpoint breach
  • Difficulties associated with quickly detecting a compromised system before an attacker can move laterally.

35% of respondents rated threats related to remoting working as an attack surface of concern – however, the survey was conducted before the COVID-19 pandemic struck, and Attivo expects this number to rise in future.

The report also found the cloud is a significant concern by 63% of respondents. 

It attributes this to the continued migration of companies to IaaS and SaaS services and the concerns cybersecurity professionals have about securing these broad attack surfaces and shared security models.

Reducing attacker dwell time, or the length of time from when a breach occurs and when an organisation detects the breach, is becoming more of a significant issue, according to the survey.

Nearly two-thirds (64%) of respondents indicated that 100 days of dwell time seemed accurate or was too low, up three percentage points from last year. 

In terms of dwell time, the most alarming statistic was the 7% jump year-on-year of respondents stating they were not tracking dwell time statistics.

Complementary security technology is seeing increased usage from last year. Respondents believe threat actors are most concerned about traffic analysis (44%), followed closely by deception technology and next-generation firewalls (both 40%), IDS (39%), SIEMs (37%), EDR/next-generation AV (27%), IAM (22%) and UEBA (15%). 

Deception technology is also being increasingly employed to close detection gaps and efficiently covering attack surfaces such as endpoint, cloud, and inter-connected OT environments.

Malware and ransomware attacks continue to be top of mind for cybersecurity and threat management professionals, with 66% of respondents putting these types of attacks at the top of their list of concerns, a 5% increase from last year.

Attivo says this result indicates that anti-virus, firewalls, and other prevention technologies still struggle to detect and stop attacks and that different detection solutions and/or organizations need more layers of defence to halt these attacks.

“Much of this year’s research indicates a continued demand for in-network detection that works reliably across existing and emerging attack surfaces and is effective against all attack vectors,” says Attivo Networks chief deception officer Carolyn Crandall.

“Reducing dwell time has also become an increased focus, as well as adopting technologies that detect attackers inside the network early and accurately. 

“A multi-layered strategy of complementary security controls that include new solutions like deception technology is proving to create the most effective control.”

Story image
Slack unveils new security features as remote working skyrockets
Slack has introduced new security features, integrations and certifications to its platform in response to growing security concerns as more people work remotely.More
Story image
HPE powers Edinburgh International Data Facility
“In the data-centric era deriving insights and value from across multiple datasets will be a key to success for business and government alike. We look forward to boosting the UK’s capacity for data-driven innovation through this initiative.”More
Story image
Network security and ADC market to reach $19 billion by 2024
The ongoing COVID-19 pandemic will continue to impact the market both negatively and positively throughout 2020 and into the first half of 2021.More
Story image
Security teams face mounting stress, call for execs to step in
“With more organisations operating under remote work conditions, the attack surface has broadened, making security at scale a critical concern. This is a call to action for executives to prioritise alleviating the stress."More
Story image
OkCupid website and app found to have significant security flaws
The popular online dating service has been found to have several vulnerabilities which, if exploited, could put the private data of users in danger of being stolen.More
Story image
AWS launches fully-managed fraud detection service
Businesses lose billions of dollars to online fraud every year, however businesses respond by investing in cumbersome fraud management solutions that often rely on hand-coded rules and are difficult to keep up to date.More