IT professionals: UK is losing battle against cybercrime

Research released this month has shown that 41 per cent of IT professionals believe it is only a matter of time before there is a major cyber-attack against the UK’s critical national infrastructure. A further 17 per cent are convinced it will happen in the near future.

Commissioned by security firm RedSeal Networks and conducted by OnePoll, the survey of 350 IT professionals found that when asked by the board if the company was secure, 55 per cent had to admit that they could not truthfully answer yes.

Furthermore, half (51 per cent) of IT managers would not be able to walk into a board meeting and provide the board with key performance indicators to show what level of success their investment is having in defending the network against attackers.

When asked if they needed more sophisticated tools so they could make sense of the volumes of data that they were managing, 27 per cent said that they did, while 26 per cent were unsure.

The research also showed that 'technical speak' is a big problem for businesses, as 38 per cent of respondents said that they believed that IT personnel and the board speak different languages; something that had a direct effect on IT getting the budgets they need.

Elsewhere, the research revealed that many IT professionals are drowning in a sea of data and log files, and are unable to talk to their superiors about the problem.

Despite the prevalence of log management and security incident and event management (SIEM) technologies to capture, record and provide visibility on a huge number of incidents seen by networks, the study showed that 31 per cent had so much data to look at that they were not able to see what was and was not critical, while 26 per cent had a time where their system was so overloaded with data, that they could not generate actionable reports.

These days, attacks are designed to be 'low and slow' and sit on your network capturing corporate data, rather than providing a large flashing sign announcing their arrival. Therefore there is a 'need to know' when it comes to what incidents have been attempted against you, and a need to know the details of what you have and have not seen.

Although half of the respondents were not fazed by this problem, the reality is that 30 per cent of respondents admitted that they had to ignore critical security problems as they did not have the time to sort them out. Also, 43 per cent had to admit that they did not have visibility into their global network, or an ability to print out a map of their current network topology.

Technology is the main option for enabling this capability, as the number of incidents pushes human intelligence to the maximum. However if the data is not being used in the right manner, or is even being ignored, then a business could be vulnerable to attacks because it is not learning about tactics being used by attackers.

Parveen Jain, CEO at RedSeal, said, “It’s pretty clear that the majority of today’s companies just don’t have any visibility into their networks and therefore don’t know what needs protecting and what doesn’t. We often see major corporations being attacked hundreds of thousands of times a day, but as they don’t know which attacks are the most harmful, they don’t know where to put up their defences.”

“The cyber-criminal community know that companies are overwhelmed with too much data and don’t have the resources or tools to protect their most valuable assets, so they take advantage of the weak spots,” Jain said.

When asked if they needed more sophisticated tools so they could make sense of the volumes of data that they were managing, 27 per cent said that they did, while 26 per cent were unsure.

Jain said, “Our advice is to utilise automated tools...that can hone in on the vital vulnerable data, giving IT the visualisation on their end-to-end network security architecture so they can prioritise remediation actionable intelligence to remain proactive versus reactive to today’s sophisticated cyber-attacks and then maybe once all goes well, IT can get their Christmas bonus!”