Cyberattacks from repeat offenders account for 50% of all attacks!!!

A Ponemon survey reveals that cybersecurity leaders don’t have enough information and awareness to plan security defences effectively, leaving companies exposed to risk. A year from now, CISOs will have to start rethinking their strategy and be on the lookout for alternative ways to empower the teams that they have fallen victim to, in addition to Colonial Pipeline and JBS.

A survey was conducted among almost 1800 cybersecurity leaders and practitioners to ask about their thoughts on external threat hunting and how organizations can build their defensive abilities through this emerging and essential technique.

The severe business disruption caused by repeat offenders

In the new study, half of the recorded business disruption incidents were caused by repeat offenders – and 61% of those victims reported they did not believe they were able to resolve these issues, putting vital systems and information at risk. Several organizations acknowledge that they are experiencing disruption from cyberattacks, including persistent ones, and that, for many victims, remediation of these attacks cannot be completed.

Respondents showed a lack of maturity in using their security analysts effectively to hunt for threats. Security companies that engage in threat hunting, specifically external threat hunting, have been able to identify and block impending attacks, improve their threat detection capabilities, and complete comprehensive remediation. Yet, most respondents report that their organizations are not providing enough resources to realize the potential of their analyst teams and threat-hunting activities.

According to the survey, the respondents’ organizations are expecting to spend an average of $117 million on IT operations in 2021. In total, 19% of these funds are for IT security. Of this average, 22% are for analyst activities and threat intelligence.

In many organizations today, machine learning and automation are used extensively for gaining efficiency, treating threat hunting as a tactical, reactionary function.

As a result, organizations that outperform others in anticipating and managing vulnerabilities both internally and with third-party partners have given an essential portion of their budget to external threat hunting.

Views on threat hunting

Threat hunting is perceived differently by respondents. They have varying ideas of what it is or how it is leveraged. In only 24% of companies, threat hunting entails monitoring adversaries outside the organization’s borders and identifying upcoming threats. The majority of threat hunters view threat hunting as a reactive means of detecting internal threats already in place.

Most organizations have taken an internal-only threat hunting approach, which makes sense given that they experienced difficulty gaining an attacker’s perspective on their organization.

Respondents said they had the following types of intelligence data:

  • Dark web data (47%).
  • Endpoint telemetry (42%).
  • Domain registration data (42%).

One-half of respondents indicated that threat intelligence wasn’t keeping up with the evolving threat landscape.

Moreover, only 31% of respondents said that telemetry of Internet traffic was essential to their ability to plan preventative measures, detect threats, and resolve security incidents.

If organizations are investing in their analyst teams and intelligence capabilities, then allowing them the visibility they need to trace, map, and monitor adversary infrastructure, as well as their interactions with enterprise or third-party assets, will yield far greater returns.
