June 16, 2020

Cybersecurity teams have “inflated” confidence; taking longer to detect threats

By Lucy Ingham

The time it takes for cybersecurity teams to detect system compromises, known as dwell time, has grown, but the majority are overconfident about their abilities, according to a report published today.

The 2020 State of the SOC Report, published today by security information and event management (SIEM) provider Exabeam, surveyed cybersecurity professionals working in security operations centres (SOCs) across Germany, Australia, Canada, the US and the UK.

It found that cybersecurity professionals generally give a positive assessment of their ability to detect threats, with 82% saying they were confident about the matter.

However, research from CrowdStrike has shown that dwell time grew by an average of 10 days between 2018 and 2019 – a period during which cybercriminals could do considerable harm.

“From 2018-2019, we learned that dwell time – or, the time between when a compromise first occurs and when it is first detected – has grown,” said Steve Moore, chief security strategist at Exabeam.

“Based on this, it is surprising for SOCs to report such inflated confidence in detecting cyberthreats.”

Why the perceptions of cybersecurity teams matter

While this may not seem like a huge concern for businesses, it matters because many businesses use the self-assessments of their cybersecurity teams to inform decisions about cybersecurity funding and related operational choices.

And while many working in the field may feel that their employers often don’t listen to them, there are signs that this is not the case.

“We see great progress in the SOC with attention paid to employee well-being, measures for better communication and more,” said Moore.

“However, disparate perceptions of the SOCs’ effectiveness could be dangerously interpreted by the C-suite as assurances that the company is well-protected and secure, when it’s not.”

The report also found differences in priorities between analysts and those leading SOCs. While analysts currently see distributed denial of service (DDoS) attacks and ransomware as the biggest concern, SOC leaders consider phishing attacks and supply chain vulnerabilities to be a greater priority.


