IT professionals in financial services firms are overconfident in their breach detection capabilities, according to a study conducted for Tripwire by Dimensional Research.
The study respondents included 763 IT professional from various industries, including 134 participants from financial services. It evaluated the confidence of IT professionals regarding the efficacy of seven key security controls necessary to quickly detect a cyber-attack in progress.
"While financial services organizations perform well on many of the fundamental security controls, there are still significant gaps in visibility within these organizations," Tim Erlin, director of IT security and risk strategy for Tripwire, told eWEEK. "The most concerning findings are the areas where these basic, best practices are missing; where patches aren’t applied; or new devices aren’t detected. There’s high confidence among respondents, but clear gaps in deployment."
A low 37 percent of respondents said their automated tools were able to identify locations, department and other critical details of network devices that had unauthorized configuration changes.
The survey also found 82 percent of respondents believe they could detect configuration changes to a network device on their organizations’ networks within minutes or hours; however, 59 percent acknowledged they did not know exactly how long it would take to do this.
"Some of the overconfidence comes from the relatively positive position that financial services organizations have with regards to the larger industry," Erlin said. "There’s no doubt that financial services organizations as a whole are better secured than many other industries, but better doesn’t mean complete. The results clearly point to areas available for improvement."
The vast majority (92 percent) said they believe vulnerability scanning systems would generate an alert within minutes or hours if an unauthorized device was discovered on their network, according to the survey.
However, around three-quarters (77 percent) said they automatically discover 80 percent or less of the devices on their networks.
The survey also found 29 percent do not detect all attempts to access files or network-accessible file shares without the appropriate privileges, and 40 percent said less than 80 percent of patches are successfully fixed in a typical patch cycle.
"We continue to see advances in technology that move the corporate IT consumer further away from the details of deployment and management," Erlin said. "While these advances in cloud, virtualization and automated provisioning speed the rate of deployment, they also bury complexity. The next few years will see a rise in attacks that take advantage of the relatively unknown complexity buried in these systems. We’ll see attacks on infrastructure with which IT professionals no longer have expertise and control over."