It's no secret that ransomware and distributed denial-of-service attacks are on the rise. In fact, compared with the previous year, the average number of targeted cyberattacks per organization in 2017 more than doubled (232 through January 2018 versus 106 through January 2017). The good news, according to Accenture's 2018 State of Cyber Resilience report, is that organizations are experiencing far more success in detecting and blocking them.
Despite this progress, only two out of five organizations invest in state-of-the-art technologies like machine learning, artificial intelligence (AI), and automation. In other words, there's lots of room for investment in cyber-resilient innovations and solutions.
Cyberattacks More Than Doubled in 2017
The study found that organizations that take cyber threats seriously are managing to prevent 87% of all focused attacks, compared with 70% in Accenture's 2017 report. However, 13% of such attacks are making their way through the corporate defenses: organizations deal with an average of 30 successful security breaches per year that result in damage or the loss of high-value assets.
"Only one in eight focused cyberattacks are getting through versus one in three [the previous year], indicating that organizations are doing a better job of preventing data from being hacked, stolen, or leaked," says Kelly Bissell, managing director of Accenture Security. "While the findings of this study demonstrate that organizations are performing better at mitigating the impact of cyberattacks, they still have more work to do. Building investment capacity for wise security investments must be a priority for those organizations who want to close the gap on successful attacks even further. For business leaders who continue to invest in and embrace new technologies, reaching a sustainable level of cyber resilience could become a reality for many organizations in the next two to three years. That's an encouraging projection."
Security Teams Find Breaches Faster
There's another bright spot: Security breaches are taking less time to detect, from months and years to now days and weeks. In the study, an average of 89% of respondents reported that their internal security spotted attacks within one month, as opposed to only 32% of IT teams the previous year. According to this year's survey, just over half (55%) of organizations detected breaches in a week or less, compared with 10% in last year's report.
Although today's companies are quicker to detect breaches, security teams are still finding only 64% of them — a number similar to last year's — and using external help to find the remaining ones. This underscores the importance of collaborative private/public sector cooperation to stop cyberattacks. When asked how they unearthed attacks that their security team failed to find, respondents indicated that more than one-third (38%) were found by white-hat hackers or a peer or competitor (up from 15% in 2017's report). Interestingly, law enforcement uncovered a mere 15% of breaches, down from 32% the previous year.
The View from Inside
On average, respondents said their cybersecurity program safeguards only two-thirds (67%) of their organization. Of course, external incidents remain a problem, but the survey indicates that companies also face other threats lurking within: internal attacks and accidentally published information are among the top three cyberattacks with the highest frequency and impact.
Respondents said that cyber-threat analytics and security monitoring (46% each) are the two capabilities they need the most to plug the holes in their cybersecurity solutions, but most (83%) acknowledge that other technologies — such as AI, machine or deep learning, user behavior analytics, and blockchain — are key to optimally securing the organization.
While the average number of cyberattacks per organization has increased, companies are getting better at detecting and blocking them. However, the biggest hurdle for companies is stopping breaches from happening in the first place, not improving their ability to the detect them. As their data silos expand and digital platforms become major revenue sources, the stakes for companies have never been greater. Taking days or weeks to detect a breach is no longer good enough because the costs of such delays can be devastating for most, and fatal to some. Imagine if there was a heist at your local bank: What would people say if it took days or weeks for the police to respond to the robbery?
As they adapt to the digital universe, organizations also expose themselves to ever-increasing cyber-risks and become more dependent on their IT department. Meanwhile, cybercriminals are getting better at what they do and launching increasingly sophisticated attacks via multiple threat vectors. Consequently, for companies, fighting back with a data-centric approach based on AI and machine learning is essential. It's no longer enough to pit your smartest people against the equally brainy bad guys. In the digital era, cybercriminals are leveraging the same tools as their targets, so cyber defense needs to catch up.
In addition to protecting their organizations from external threats, IT leaders mustn't neglect the internal breaches — intentional or accidental — that still pose a major threat. Continuous trainings and clear instructions help build awareness among staff, and policy enforcement and monitoring can ensure that employees will pay attention to them. Instead of treating security as a bothersome cost, the smartest enterprises will make online security a regular part of doing business and use it to differentiate themselves from their competitors who are still behind the curve.
- 6 Reasons Why Employees Violate Security Policies
- Securing Severless: Defend or Attack?
- Securing Serverless: Attacking an AWS Account via a Lambda Function
- Tackling Supply Chain Threats
Black Hat Europe returns to London Dec. 3-6, 2018, with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the conference and to register.