
Three reasons why cyber threat detection is still ineffective

Why 75% of organisations are dissatisfied with their ability to investigate threats

Three in four organisations are dissatisfied with their current ability to detect and investigate threats using their current data and tools, new research has found.

Consequently, IT security departments are frantically searching for fresh ways to overcome problems with visibility, siloed data and consistency, according to security firm RSA, which surveyed 160 organisations of varying sizes.

From investment imbalance to fragmented data collection methods, there are many complicated and nuanced reasons companies are less equipped to deal with threats once they move past the prevention stage, and fewer and fewer security leaders feel completely confident in their ability to detect attacks with the desired speed and agility.

Below we cover the three major reasons organisations like yours are struggling to detect and fight cyber security breaches effectively.

Too much focus on prevention

This might seem like an odd one, given that we've always been taught that prevention is the best way to protect ourselves in most areas of life, for instance, knowing to eat well and exercise to prevent falling ill, rather than fighting illness later on. However, when it comes to cyber security, it's important to also invest significantly in detection and response for times when threats succeed in infiltrating your business.

RSA found the average allocation of security budgets is unevenly split between the three main areas, with 47% going to prevention versus 25% to detection and 28% to response. This leaves companies vulnerable to attack, and means attacks become more likely to succeed past a certain point.

Not collecting valuable data

Data collection is the key here, but too many organisations are still overlooking some of the most valuable information at their disposal. RSA's survey also discovered that while 88% of companies collect data from network perimeter infrastructure, far fewer respondents utilise sources such as endpoints (59%), identity and access management systems (55%) and network packet/flow (49%).

By far the most surprising result showed just 27% of companies were reporting the use of data from cloud-based apps and infrastructure to help detect threats. What's more, those that do use a wider range of data saw far more value in specific sources than those that don't. For example, companies collecting identity management systems data saw 77% more value in it than those overlooking it in their strategies.

Integration is also an issue, with just 21% claiming to have fully integrated this data, while 79% are left with partial integration or no integration at all.

Low adoption for most effective techniques

Security is a uniquely fast-moving world, and organisations must think ever faster in order to keep up. Technologies for both detection and investigation into threats are vast, but many of the most effective tools - such as automation and analytics - suffer from low adoption and are thus underutilised by the industry.

More than 60 per cent of businesses deploy SIEM, but slightly newer detection methods such as user behaviour analytics still haven't gained as much traction as they should. However, when asked about future investment, organisations cited this as their top priority moving forwards with 32 per cent planning to introduce it within the next year - totalling 62 per cent.

Investment into new and more efficient technologies must be prioritised by businesses if they are to gain more visibility and improve detection and response. Automation can make this much easier and more cost-effective, and investment into behavioural analytics will accelerate this further.
