Accenture: Cybersecurity Defenders Gaining Ground on Attackers But Much Work Remains
There’s a bright side, a reality check and a plan in Accenture’s new cybersecurity state-of-the-state report, which concludes that defenders are closing the gap on hackers but more work needs to be done to make it a fairer fight.
The bright side: Despite the number of targeted cyber attacks more than doubling in the past year, organizations repelled nearly 90 percent of the malicious forays, up significantly from the 70 percent rebuffed last year.
The reality check: About 13 percent of focused attacks penetrate defenses and organizations are still facing an average of 30 successful security breaches per year resulting in damage or theft of confidential information.
The plan: Accenture, a Top 100 MSSP, offered five steps organizations can take to become cyber resilient (as Accenture defines it, the ability to minimize damage and continue to operate under attack). It’s no secret the stakes are high and the margin for error paper thin. “An attack needs to be successful only once, whereas organizations’ cyber resilience needs to be effective every time,” wrote the authors of Accenture’s Gaining Ground on the Cyber Attacker: 2018 State of Cyber Resilience.
Five Cybersecurity Trends
Accenture said the data, gleaned from surveying 4,600 enterprise security professionals in 15 countries at companies with annual revenues of at least $1 billion (the study is a follow-on to a smaller effort the consultancy undertook in 2017), presented five macro observations:
- Security teams have made great progress but there is still more work to be done on the basics. Collaboration among business and government sectors to stop cyberattacks is important: There is safety in numbers when defending against cyber attacks.
- Organizations need two to three more years of transformation to embed cyber resilience into the business but the pressure to perform grows daily.
- Breakthrough technologies are critical to future cybersecurity success but investment capacity is lagging behind intentions.
- Confidence around cybersecurity measures remains high but a more proactive approach is needed.
- More C-suite/board members are actively engaged with cybersecurity but the role of the CISO still needs to adapt.
More Facts and Figures
Here are some of the study’s statistical findings:
- On average, 89 percent of respondents said their internal security teams detected breaches within one month compared to only 32 percent of teams last year. This year, 55 percent of organizations took one week or less to detect a breach compared to 10 percent last year.
- Security teams are finding 64 percent of breaches, which is similar to last year. Many are collaborating with others outside their organizations to find the remaining breaches.
- 38 percent of attacks that the security team has been unable to detect are found by white-hat hackers or through a peer or competitor (up from 15 percent in 2017). Only 15 percent of undetected breaches are found through law enforcement, down from 32 percent the previous year.
- 67 percent of the security pros said their organization is actively protected by their cybersecurity program.
- Two of the top three cyberattacks with the highest frequency and greatest impact are internal attacks and accidentally published information.
- 46 percent of the respondents named cyber threat analytics and security monitoring as the capabilities most needed to fill gaps in their cybersecurity solutions.
- 83 percent said that new technologies such as artificial intelligence, machine or deep learning, user behavior analytics and blockchain are essential to securing the future of organizations.
Next Moves for Proper Cybersecurity
More on the plan: Five steps Accenture suggests organizations can take to achieve cyber resilience:
- Build a strong foundation. Identify high value assets and harden them. Ensure controls are deployed across the organizational value chain, not just the corporate function.
- Pressure test resilience like an attacker. Enhance red defense and blue defense teams with player/coaches that move between them and provide analysis on needed improvements.
- Employ breakthrough technologies. Free up investment capacity to invest in technologies that can automate your defenses. Use automated orchestration capabilities and advanced behavioral analytics.
- Be proactive and use threat hunting. Develop strategic and tactical threat intelligence tailored to your environment to identify potential risks. Monitor for anomalous activity at the most likely points of attack.
- Evolve the role of CISO. Develop the next generation CISO steeped in the business and balancing security based on business risk tolerance.