Despite the deployment of numerous technologies to combat cyber-security threats, businesses lack confidence in the effectiveness of these measures, according to a survey of 168 IT decision makers across several industries.
The study, conducted by EiQ Networks, found lack of process was a top concern, with 62 percent of IT pros noting they have either “no process” or a “partial process” in place to detect and respond to a security incident.
The survey found that companies are using a variety of security technologies, including traditional firewall (86 percent), anti-virus software (71 percent), log management (58 percent), and security information and event management (SIEM) technology (44 percent).
Just 15 percent of companies surveyed believe their employees are “well prepared” to spot the signs of an attack and react accordingly.
Nearly three-quarters (72 percent) of respondents stated that their IT infrastructure is “not well protected” and is vulnerable to Advanced Persistent Threats (APTs).
However, more than half (52 percent) of companies surveyed say they have made it a “priority” to re-think their infrastructure to keep pace with APTs.
"Interestingly, in spite of investing and deploying the latest and greatest technologies such as next-gen firewall, malware appliances, AV, UTM, IPS and so on, that are supposed to be truly next gen and protect against latest threats, 73 percent of IT security professionals are not confident these technologies will effectively detect and or prevent advanced cyber-threats we are seeing today," Vijay Basani, president and CEO of EiQ Networks, told eWEEK. "These signature- based technologies continue be easily compromised due to their limited ability to adopt to dynamic threat vectors."
Basani said the primary reason is that relying on technology alone cannot protect an organization from becoming a victim to a cyber-attack.
"Sadly even in today’s cyber-breach dominated world, there is a large percentage of senior executives that only give lip service to cyber-security and starve IT security teams of necessary budgets to implement an effective security program," he said. "It is not uncommon to hear that most organizations and senior executives are conditioned by the security vendors into believing that technology alone can be the magic wand against cyber-attacks."
He explained the reality is that technology is only one of three absolute core pieces of an effective security program. The other two factors are process and people.
Respondents indicated that the network perimeter (23 percent), endpoints (21 percent) and Web applications (14 percent) were areas of highest concern.
In addition, 68 percent of companies surveyed said their "reputation" is more at stake than their financials, and 19 percent said they could withstand a "small financial hit," while 13 percent said a cyber-attack would "devastate us financially."
"Increasingly companies are warming up to the idea of cyber liability insurance," Basani said. "Like general liability insurance, companies can cover most of the financial loss through cyber liability or risk insurance. Unfortunately cyber insurance does not cover loss due to reputation damage where a small- to medium -sized company may loss good chunk of their customers and suffer lasting loss of brand reputation and customers."