Ovum Insights - What can you learn from victims of cyberattacks?
Navisite recently sponsored research conducted by Ovum, presented in a white paper - Tackling Increasingly Complex Security Challenges - which considered the extent of cybersecurity threats faced by businesses and their strategies for dealing with these threats. The research included organizations that had experienced a data breach – and their experiences have some interesting lessons for all CTOs.
For some businesses, their greatest contribution to history will be to demonstrate the potential impact of serious mistakes and bad choices. Blunders like Blockbuster’s refusal to buy Netflix – several times. Or Kodak’s decision to ignore their patent for a digital camera so they could focus on their film business. Or how several UK NHS trusts were taken offline by a WannaCry ransomware infection because they decided not to install the Windows patch that would have rendered the malware powerless.
Ovum’s latest research paper doesn’t contain any lurid stories of horrific failure, but it does have plenty of aggregated evidence collected from victims of cybersecurity breaches. And for any organization lucky enough to have avoided a data security incident, these findings provide food for thought – particularly with regard to how they invest their security budget in future.
Looking beyond the firewall
Regardless of whether a company has been the victim of a cyberattack or not, firewalls remain the main focus of investment for all businesses. It is somewhat surprising that breached companies are investing slightly less than average (87% vs 90%), until you look at the rest of their security spend.
By far the biggest disparity is in intrusion detection/intrusion prevention system spending. Compromised organizations are 7% more likely to be investing in technologies that block unauthorized network access and provide alerts when suspicious activity is detected.
Breached businesses are also ahead of the pack when it comes to managing security inside the network perimeter. Network traffic analysis is more likely to be a priority, with 80% spending on the technology (against an average of 74%).
Perhaps most remarkable is the interest in user and entity behavior analytics (UEBA) systems. These tools are designed to monitor and manage anomalous network traffic automatically, speeding up response times and limiting the scope for damage caused by cybercriminals. Ovum researchers also discovered that use of UEBA is almost twice as prevalent among those that have experienced a breach of their existing endpoint detection and response (EDR) platform.
Without more detail it is hard to say whether increased interest in UEBA is part of a general trend towards using more security tools to better protect the network. It may suggest that breached companies were attacked from the inside, by malicious users or through compromised credentials – neither of which is easily detected using traditional security monitoring tools.
Perhaps the most important lesson from the Ovum report is the way in which breached companies broaden the scope of security spending. Perimeter firewall spend falls slightly, but investment in other technologies is markedly above average. If nothing else, these companies are clearly spending more now to avoid falling victim to malicious hackers again in future.