IT teams can’t plug security gaps because they don’t know what they are

Arguably, the most important question to answer following a cyber attack is how it got in. Yet, according to new research from Sophos, the network security firm, 20% of IT managers surveyed do not know how their most significant cyber attack entered their organisation.

The research also found that 17% don’t know how long the threat was in the environment before it was detected.

Larger organisations are more likely than smaller ones to know how threats got in. This is likely because they have both more skilled security staff and more comprehensive cyber security tooling than smaller companies.

According to Sophos, IT managers detected cyber attacks on their servers and networks more often than anywhere else, leaving endpoints comparatively under-monitored; this is why the firm stresses the importance of endpoint detection and response (EDR) technology.


“Servers store financial, employee, proprietary, and other sensitive data, and with stricter laws like GDPR that require organisations to report data breaches, server security stakes are at an all-time high. It makes sense that IT managers are focused on protecting business-critical servers and stopping attackers from getting on the network in the first place, and this leads to more cybercriminal detections in these two areas,” said Chester Wisniewski, principal research scientist, Sophos. “However, IT managers can’t ignore endpoints because most cyber attacks start there, yet a higher-than-expected number of IT managers still can’t identify how threats are getting into the system and when.”

“If IT managers don’t know the origin or movement of an attack, then they can’t minimise risk and interrupt the attack chain to prevent further infiltration,” said Wisniewski. “EDR helps IT managers identify risk and put a process in place for organisations at both ends of the security maturity model. If IT is more focused on detection, EDR can more quickly find, block and remediate; if IT is still building up a security foundation, EDR is an integral piece that provides much-needed threat intelligence.”


For the research, The 7 Uncomfortable Truths of Endpoint Security, Vanson Bourne interviewed 3,100 IT decision makers in 12 countries across six continents: the US, Canada, Mexico, Colombia, Brazil, the UK, France, Germany, Australia, Japan, India and South Africa. All respondents were from organisations with between 100 and 5,000 employees.


Andrew Ross

As a reporter with Information Age, Andrew Ross writes articles for technology leaders, helping them manage business-critical issues both for today and in the future.