IT pros 'overconfident' in detecting breaches, Tripwire says

Endpoint detection and response company Tripwire and Dimensional Research conducted a study, asking 763 IT professionals from various industries about their security practices and whether they felt confident they could detect an ongoing cyber-attack.

The two companies announced that the majority of IT experts felt 'overconfident' in their abilities to detect an ongoing threat and remove an unauthorised device from their network.

According to the press release following the report, 87 per cent of IT pros questioned said they could remove an unauthorised machine from their network ‘within minutes or hours’.

Director of IT security and risk strategy at Tripwire, Tim Erlin, said there is a difference between security and compliance, and that companies should not be satisfied with simply complying with the latest regulations.

“Compliance and security are not the same thing,” he said. “While many of these best practices are mandated by compliance standards, they are often implemented in a ‘check-the-box’ fashion. Addressing compliance alone may keep the auditor at bay, but it can also leave gaps that can allow criminals to gain a foothold in an organization.”

The study is based on seven key security controls required by a wide variety of compliance regulations, including PCI DSS, SOX, NERC CIP, MAS TRM, NIST 800-53, CIS 20 Critical Controls and IRS 1075.

“The path to a mature security deployment is through visibility because you cannot protect what you cannot see,” said Travis Smith, senior security research engineer for Tripwire. “Understanding what you have and how you can potentially be compromised allows security teams to focus on where attackers are likely to strike. The cost of being proactive is always less than the cost of being reactive.”