Are security professionals moving fast enough?

The Breach Level Index estimates that every day just under half a million data records are stolen. That’s a staggeringly large statistic. Enterprises face an agile and committed enemy – and the odds are stacked against them. After all, a hacker just needs one piece of luck, but businesses must constantly be vigilant against malware attacks. And now with GDPR, regulators can move quickly to take action. This makes it all the more imperative that companies have the right security arsenal at hand.

Interestingly, according to Accenture, businesses are preventing more cyber attacks than ever before, yet only two out of five organisations are currently deploying new technologies like machine learning, artificial intelligence (AI) and automation. This lack of approach in the long term won’t stick as organisations cannot continue preventing malware attacks if they don’t invest in new technologies.

>See also: More than 2.5BN records stolen or compromised in 2017

With the increase in threats the cybersecurity industry faces, alongside the challenges of recruiting people with the necessary skills, taking advantage of trusted machine learning and automation should be a no-brainer for overstretched security professionals.

After all, many other industries have reaped the benefits of automation in mission-critical departments. So why is it that some IT departments are still manually wiping each computer clean of malware when they’ve been attacked? The Ponemon Institute found that malicious or criminal data breaches take an average of 82 days to contain making it hugely time-intensive for IT managers.

This alone should be a siren that a more effective way of containment is needed. There’s also a high likelihood of lost work caused by the time between the last clean backup and the time of infection. The net result of this is a loss of employee productivity and ultimately money.

>See also: Data breaches continue to rise in the connected age

Those that are investing in AI and automation are also facing issues as many aren’t onboarding and implementing these technologies properly within their business. This is according to the 2018 SANS ‘Endpoint Protection and Response’ report, which reveals that of the 50% of organisations surveyed that had acquired next-generation antivirus, 37% of them had not implemented it. Similarly, some 49% had purchased endpoint protection solutions that 38% had failed to leverage for malware detection.

It is, however, promising to see automating endpoint detection and response solutions are the top priority for IT professionals trying to put actionable controls around their endpoints.

And in the fight against cybercriminals, businesses must be one step ahead of the game and using technology to its advantage. There is a good reason why AI and machine learning dominated this year’s Infosecurity Europe.

>See also: Identity theft and poor internal security practices take a toll

Of course, it is difficult for security professionals to pick apart the wheat from the chaff when it comes to machine learning and AI. Unfortunately, there are many vendors simply slapping on AI to their messaging, but if you scratch beneath the surface, it’s nothing more than words.

This makes it harder for organisations to know if what they are being promised is true and can lead to much cynicism, perhaps a reason why so few businesses are investing in these technologies.
It’s more important now than ever before that enterprises shift from the manual and into the automated world, and harness technologies that can carry out some of this heavy lifting. Regulation, such as the GDPR, almost makes this an imperative with the stipulated reporting timelines. The job of a technology team has become much harder with the increased amount of cyber threats and how rapidly they are evolving. So if there are ways to save time on other jobs surely they should be grasping them with both hands.

Now it’s time for security professionals to pick up the pace. If they don’t, they will be overtaken and beaten by criminals out there looking to steal, hold ransom and exploit their most prized asset: data.

Sourced by Anthony O’Mara, Vice President EMEA of Malwarebytes

Avatar photo

Andrew Ross

As a reporter with Information Age, Andrew Ross writes articles for technology leaders; helping them manage business critical issues both for today and in the future