A new study by security firm Tripwire says IT security experts are very confident they can detect a breach, and detect it quickly. They were far less certain about how quickly their automated tools would do so.
The survey questioned 763 IT professionals in various verticals, including retail, energy, financial services and public sector organisations in the US, about the seven key security controls that must be in place to quickly spot an attack in progress.
The seven key controls are required by security regulators including PCI DSS, SOX, NERC CIP, MAS TRM, NIST 800-53 and IRS 1075. These controls also align with US-CERT recommendations and international guidance such as the Australian Signals Directorate’s Strategies to Mitigate Targeted Cyber Intrusions.
The company said the majority of respondents answered with confidence that they could detect a data breach. However, they were unsure how long it would take automated tools to discover some of the key indicators.
The key question concerned the detection of unauthorised configuration changes, which Tripwire describes as the ‘hallmark of malicious covert activity’.
When asked how long it would take automated tools to detect unauthorised configuration changes to an endpoint on the organisation’s network, 67 per cent could not give a precise figure or did not use such tools at all. Still, 71 per cent said that detecting such a change would take minutes, or hours at worst.
“All of these results fall into the ‘we can do that, but I’m not sure how long it takes’ category,” said Tim Erlin, director of IT security and risk strategy for Tripwire. “It’s good news that most organizations are investing in basic security controls; however, IT managers and executives, who don’t have visibility into the time it takes to identify unauthorized changes and devices, are missing key information that’s necessary to defend themselves against cyber-attacks.”