Most (54%) cybersecurity professionals believe the threat landscape is evolving faster than they can respond, with a lack of preparation and strategic thinking endemic, according to RedSeal.
The network resilience vendor polled 600 IT and security decision makers in the UK and US to compile its RedSeal Resilience Report 2017.
It revealed that most respondents feel they are under-resourced (54%), can’t react quickly enough when an incident strikes (55%) and can’t access insight to prioritize incident response (79%).
Just 20% said they’re extremely confident their organization will be able to function as normal in the event of a breach or attack.
What’s more, there seems to be a dangerous disconnect between perceived strengths and reality.
Some 40% of respondents claimed ‘detection’ is their strongest capability, stating it takes an average of just six hours to spot an incident.
However, this flies in the face of many other industry reports, compiled by the likes of Mandiant (99 days) and Trustwave (49 days).
RedSeal also claimed that only a quarter of respondents test their cybersecurity incident response annually, with many saying it’s too resource intensive (29%), outside their budget (27%) or takes too long (26%).
“Their data networks are dynamic. This dynamic nature creates a risk,” RedSeal CEO Ray Rothrock told Infosecurity.
“Given that they report in our research that they last created a map of their entire network on average nine months ago, there’s no way to know precisely if their most valuable assets are accessible to bad actors at the present time. The lag in knowing what the network looks like and where data lives is a crucial factor in being ready for the inevitable.”
The report also revealed that compliance rather than strategy is driving IT security planning for the vast majority (97%) of organizations.
“On the cyber front, digital resilience — the ability to contain the bad guys when they’re inside your network, and protect high value assets like customer data and content from exfiltration — will protect your networks and your vital financial assets,” concluded Rothrock.
“So, it’s important to know your network inside out. Know what is important to your business and your customers, where it is, and make sure it’s secure. Operational resilience means not only being ready, but having a plan and procedures and then rehearsing that action plan.”