Report: 74% of security leaders say that prevention-first strategies will fail

We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 – 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!

A new report by Vectra reveals that 74% of IT security leaders believe that prevention-first security strategies and solutions can fail, having experienced a significant security incident within their organization in the 12-month timeframe (February 2021-2022). Alarmingly, this statistic is only the tip of the iceberg.

The enduring cybersecurity arms race requires continuous innovation from both sides. A cybercrime economy worth trillions of dollars annually provides a fruitful environment for new Tactics, Techniques, and Procedures (TTPs) to thrive and disseminate.

So how is the industry handling the challenge of defending against this ever-moving target?

Many respondents to the Vectra survey felt that the industry continues to fall behind. Eighty-three percent of respondents acknowledged that legacy approaches do not protect against modern threats, and that we must “change the game when it comes to dealing with attackers.” This was echoed by the fact that 71% think that cybercriminals are leapfrogging current tools and that security innovation is years behind that of the hackers. Additionally, 71% believe that security guidelines, policies and tools are failing to keep pace with threat actor TTPs.

As security and IT teams face mounting expectations to keep their organizations protected from increasing malicious cyber activity, more than 79% of security leaders reported they have bought tools that failed to live up to their promise, with failing to detect modern attacks, only preventing low-level threats, and poor integration with other tools as key reasons. According to the survey, the top three reasons security tools fail to deliver on promise include a failure to detect modern attacks, they only prevented low-level threats and poor integration with other tools. However, despite these challenges, progress is being made. Of the 74% of respondents that experienced an event requiring significant incident response, 43% were alerted to the problem by their security tools. This is a positive development. In 2015, research indicated that 70% of breach incidents were discovered by a third party, which demonstrates that today’s detection and response tools are doing better.

Added to this, 42% of respondents said they’re very confident their portfolio of tools could detect and protect them against the kinds of threats used in the Kaseya, SolarWinds and JBS attacks. A further 37% said they were fully confident that they have visibility of all threats facing their organization.

Findings of the report come from a survey of 1,800 global IT security decision-makers working at organizations with more than 1,000 employees across France, Italy, Spain, Germany, Sweden, Saudi Arabia and the U.S., and more than 500 employees across the Netherlands and Australia & New Zealand.

Read the full report by Vectra.

Originally appeared on: TheSpuzz