It’s no secret that years of traditional overinvestment in preventative cybersecurity have failed to keep attackers at bay. There may be several reasons for this – evolving threats and the transformation of the enterprise among them – but in the end, the fact is that the traditional approaches just haven’t cut it. For anyone chartered with solving this problem, now is a good time to evaluate whether you’re on the right track – or whether it’s time to correct your course.
To gain an understanding of what’s working – and what isn’t – few sources are better equipped than our peers, to determine exactly how security leaders are tackling today’s top threats. And whether it’s time for a new approach.
To garner more intelligence surrounding these questions – and to see what level of confidence security teams have in the tools they’re currently using – we recently gathered feedback from nearly 2,000 security decision-makers. The full scoop can be found in the report: Fit For Purpose Or Behind The Curve? Uncovering How Today’s Organizations Are Tackling Complex, Modern Cyberthreats
This report overflows with telling stats and insights into many of the challenges practitioners face today. Take a look when you get a chance. But in the meantime, let’s run through a couple of the highlights and talk about some ways to add resiliency to your setup.
83% of those queried think traditional approaches don’t protect against modern threats, and that we need to change the game when it comes to dealing with attackers.
We could add some perspective here, but even a cursory look at the “traditional approaches” in the form of preventative security reveals these numbers shouldn’t be too surprising. While prevention security measures are both useful and practical, organizations find themselves in a precarious situation if they have overinvested in prevention or in approaches that fail to incorporate detection beyond the prevention layer. Satisfying basic prevention requirements shouldn’t come at the expense of achieving resilience through detection and response.
Today’s attacks are driven by human activity, and if an evil actor gains access to a corporate device, network or cloud environment, several stages of the attack chain remain that require navigation before reaching a target. When this scenario plays out in your environment, it’s vital to neutralize the attack before severe damage has occurred.
Becoming more resilient to attackers already working inside an environment is no longer just one area of concern – it’s an all-encompassing task demanding visibility wherever your workloads exist: in the cloud, the data center and everywhere in between. This is where detection and response become the best option to minimize the impact of any breach as quickly as possible.
87% of the respondents say recent high-profile attacks have caused their board to begin to take proper notice of cybersecurity needs.
While it may be difficult to remain positive after seeing the news reports about devastating ransomware attacks, perhaps this statistic provides reason to be optimistic. Decisions about implementing new technologies, including security solutions, often receive input from organizational leadership and boards of directors. Additional data about this may be found in the full report, but the fact that these attacks are now on the radar of boards is a positive sign. The pace of innovation isn’t slowing down, and decision-makers at every level need to be informed about security and the risks involved. This presents a great opportunity for security leaders to illustrate the importance of cybersecurity and to help facilitate change throughout their entire organization. Education is the key.
Security leaders and practitioners can drive change by helping business leaders understand the various risks, the potential outcomes of those risks and the best strategies for mitigating them. It’s critical that we start explaining these risks in a way everyone can understand and clearly show how they can directly impact our organizations.
Make sure to grab the full report: Fit for Purpose or Behind the Curve? Uncovering How Today’s Organizations Are Tackling Complex, Modern Cyberthreats