Cybersecurity so far this year is offering a mix of good news, bad news and warnings, according to a report released this week by professional services company Accenture.
The bad news is that the number of targeted cyber attacks like ransomware and distributed denial-of-service (DDoS) has more than doubled this year, an indication of the increasing threats facing organizations undergoing dramatic digital transformations of their businesses.
However, companies have dramatically done better so far this year over 2017 at protecting themselves against such attacks, detecting and blocking 87% of the breaches compared with 70% last year, according to Accenture's report "2018 State of Cyber Resilience," which was released as the RSA Conference 2018 got underway in San Francisco. That said, the study's authors noted that even with only 13% of targeted attacks getting through the defenses, that means that organizations are still seeing an average of 30 successful breaches a year, and they warned that companies must continue to invest security solutions and embrace emerging technologies like artificial intelligence, machine learning and automation.
"The research shows that 83 percent of survey respondents believe that breakthrough technologies, such as artificial intelligence (AI), machine or deep learning, user behavior analytics, and blockchain, are essential to securing the future of their organizations," the authors wrote in their report. "Indeed, it is breakthrough technologies that will drive the next round of cyber resilience -- although only two out of five business leaders are already investing in areas like machine learning/AI and automation." (See Automation Is a Key to Future Enterprise Security – Report.)
Accenture surveyed 4,600 enterprise security professionals at companies from more than 15 countries and with more than $1 billion in revenue. The survey ran from January to March and found an average of 232 attacks this year compared with 106 in 2017, with the attacks designed to get past network security and either cause damage or steal data or other corporate assets.
"Over the past year, there are a number of areas where organizations have improved their cyber resilience as they get better at detection, prevention and collaboration," Ryan LaSalle, global managing director for Accenture Security, Growth and Strategy and Cyber Defense Lead, wrote in an email to Security Now. "We believe the increase in attacks can be attributed to both the increased threat activity in the market and also the results of increased detection coverage across organizations. We're also seeing a change in the reporting structure and governance for cybersecurity, with two-thirds of CEOs and boards now having direct oversight of cybersecurity. Budget authorization is also elevated with CEOs and boards now approving 59% compared with only 33% last year. This provides strong evidence for the benefits of connecting security improvement to better risk governance and business engagement."
Collaboration improves cybersecurity
The collaboration not only within security teams but also outside of them has been important. Security teams within an organization are finding 64% of breaches, about the same as last year, they survey found. Of the attacks that the security teams don't detect, 38% are found by others in the security community -- such as white-hat hackers -- or through peers or competitors (up from 15% in 2017). The authors noted that there is safety in numbers when dealing with cyber threats.
Another sign of success: Security teams are finding the attacks faster, whittling the average time of detection from months and years to weeks and sometimes days. Eighty-nine percent of survey respondents said their internal security teams had detected a breach within a month; last year that number was at 32%.
In addition, 55% of companies took a week or less to detect an attack, compared with 10% in 2017.
All that said, the Accenture researchers said enterprises should be sure to keep their focus on security -- only 67% of their organizations are protected by their cybersecurity initiatives -- and not lose sight of the fact that threats can come from the inside as easily as the outside. That's where continued -- and wise -- investments come in. Ninety percent of survey respondents said they expect their companies will invest more in cybersecurity over the next three years, but only 31% said the increases will be significant (at least double what they're spending now).
In addition, that spending should take advantage of the emerging technologies that will be crucial to cybersecurity, including AI, machine learning, user behavior analytics and blockchain.
While more than 80% of respondents said they understand the importance of such technologies, so far the investments are not backing that up. The majority of respondents said that, given additional money, they'd invest to either fill gaps or add innovations in cybersecurity, and already half or more of them said they are sending in security around the Internet of Things (IoT), security intelligence platforms and blockchain. (See Beyond Bitcoin: How Blockchain Can Benefit IoT Security.)
"So, executives agree advanced technologies are essential and they would commit funding to them if they could, but in practice, just two out of five are investing in machine learning/AI and automation technologies, to evolve their security programs," the authors wrote, nothing that 83% said their organizations have completely embedded security into their culture. "It may be a case of overactive optimism... yet, if only 40 percent are committing investments to breakthrough technologies like machine learning/AI and automation, this number needs to increase to optimize the opportunity."
Another point is that cyber criminals also are using such emerging technologies.
"We believe that AI/machine learning will play a huge role in the future of combatting cyber attacks," LaSalle wrote. "Threat intelligence from our iDefense team has already identified the use of advanced business models and technologies -- including AI/machine learning -- to develop more effective attacks. New technologies can provide a reliable, consistent and automated way to monitor for unusual behavior and control the process of access provisioning. They can scale the defenders and enable smarter automation to detect better and respond faster."
Accenture recommended several steps to improve an organization's resilience against cyber threats, including hardening high-value assets, use breakthrough technologies, evolve the role of the CISO to include deep expertise in both security and business, use threat-hunting technologies and pressure test the cyber-attack defenses.
— Jeffrey Burt is a long-time tech journalist whose work has appeared in such publications as eWEEK, The Next Platform and Channelnomics.