Operational Security

08:05 AM
Jeffrey Burt

Cyber Attacks Have Doubled, but Security Is Getting Better at Blocking Them

In a survey, Accenture said the number of targeted attacks like ransomware and DDoS is growing, but organizations are getting better and faster at detecting them.

Cybersecurity so far this year is offering a mix of good news, bad news and warnings, according to a report released this week by professional services company Accenture.

The bad news is that the number of targeted cyber attacks like ransomware and distributed denial-of-service (DDoS) has more than doubled this year, an indication of the increasing threats facing organizations undergoing dramatic digital transformations of their businesses.

However, companies have done dramatically better so far this year than in 2017 at protecting themselves against such attacks, detecting and blocking 87% of the breaches compared with 70% last year, according to Accenture's report "2018 State of Cyber Resilience," which was released as the RSA Conference 2018 got underway in San Francisco. That said, the study's authors noted that even with only 13% of targeted attacks getting through the defenses, organizations are still seeing an average of 30 successful breaches a year, and they warned that companies must continue to invest in security solutions and embrace emerging technologies like artificial intelligence, machine learning and automation.

"The research shows that 83 percent of survey respondents believe that breakthrough technologies, such as artificial intelligence (AI), machine or deep learning, user behavior analytics, and blockchain, are essential to securing the future of their organizations," the authors wrote in their report. "Indeed, it is breakthrough technologies that will drive the next round of cyber resilience -- although only two out of five business leaders are already investing in areas like machine learning/AI and automation." (See Automation Is a Key to Future Enterprise Security Report.)

Accenture surveyed 4,600 enterprise security professionals at companies from more than 15 countries and with more than $1 billion in revenue. The survey ran from January to March and found an average of 232 attacks this year compared with 106 in 2017, with the attacks designed to get past network security and either cause damage or steal data or other corporate assets.

"Over the past year, there are a number of areas where organizations have improved their cyber resilience as they get better at detection, prevention and collaboration," Ryan LaSalle, global managing director for Accenture Security, Growth and Strategy and Cyber Defense Lead, wrote in an email to Security Now. "We believe the increase in attacks can be attributed to both the increased threat activity in the market and also the results of increased detection coverage across organizations. We're also seeing a change in the reporting structure and governance for cybersecurity, with two-thirds of CEOs and boards now having direct oversight of cybersecurity. Budget authorization is also elevated with CEOs and boards now approving 59% compared with only 33% last year. This provides strong evidence for the benefits of connecting security improvement to better risk governance and business engagement."

Collaboration improves cybersecurity
Collaboration, not only within security teams but also outside of them, has been important. Security teams within an organization are finding 64% of breaches, about the same as last year, the survey found. Of the attacks that the security teams don't detect, 38% are found by others in the security community -- such as white-hat hackers -- or through peers or competitors (up from 15% in 2017). The authors noted that there is safety in numbers when dealing with cyber threats.

Another sign of success: Security teams are finding the attacks faster, whittling the average time of detection from months and years to weeks and sometimes days. Eighty-nine percent of survey respondents said their internal security teams had detected a breach within a month; last year that number was at 32%.

In addition, 55% of companies took a week or less to detect an attack, compared with 10% in 2017.

All that said, the Accenture researchers said enterprises should be sure to keep their focus on security -- only 67% of their organizations are protected by their cybersecurity initiatives -- and not lose sight of the fact that threats can come from the inside as easily as the outside. That's where continued -- and wise -- investments come in. Ninety percent of survey respondents said they expect their companies will invest more in cybersecurity over the next three years, but only 31% said the increases will be significant (at least double what they're spending now).

In addition, that spending should take advantage of the emerging technologies that will be crucial to cybersecurity, including AI, machine learning, user behavior analytics and blockchain.

While more than 80% of respondents said they understand the importance of such technologies, so far the investments are not backing that up. The majority of respondents said that, given additional money, they'd invest to either fill gaps or add innovations in cybersecurity, and already half or more of them said they are spending on security around the Internet of Things (IoT), security intelligence platforms and blockchain. (See Beyond Bitcoin: How Blockchain Can Benefit IoT Security.)

"So, executives agree advanced technologies are essential and they would commit funding to them if they could, but in practice, just two out of five are investing in machine learning/AI and automation technologies, to evolve their security programs," the authors wrote, noting that 83% said their organizations have completely embedded security into their culture. "It may be a case of overactive optimism... yet, if only 40 percent are committing investments to breakthrough technologies like machine learning/AI and automation, this number needs to increase to optimize the opportunity."

Another point is that cyber criminals also are using such emerging technologies.

"We believe that AI/machine learning will play a huge role in the future of combatting cyber attacks," LaSalle wrote. "Threat intelligence from our iDefense team has already identified the use of advanced business models and technologies -- including AI/machine learning -- to develop more effective attacks. New technologies can provide a reliable, consistent and automated way to monitor for unusual behavior and control the process of access provisioning. They can scale the defenders and enable smarter automation to detect better and respond faster."

Accenture recommended several steps to improve an organization's resilience against cyber threats, including hardening high-value assets, using breakthrough technologies, evolving the role of the CISO to include deep expertise in both security and business, using threat-hunting technologies and pressure-testing the cyber-attack defenses.

— Jeffrey Burt is a long-time tech journalist whose work has appeared in such publications as eWEEK, The Next Platform and Channelnomics.
