
Most IT security teams are over-confident in their ability to stop threats


Corporate security operations centres (SOCs) are “overconfident” in their ability to detect cyberthreats, claims a new report from Exabeam.

Polling 295 respondents in the US, UK, Canada, Germany and Australia, the firm found that, while 82 percent of SOCs believe they can successfully detect cyberthreats, just 22 percent of frontline workers track mean time to detection (MTTD).

MTTD is one of the key metrics in understanding hacker dwell time – the period between the initial infection and the start of the attack.

For Steve Moore, Chief Security Strategist at Exabeam, this inflated confidence is “surprising”, especially given that dwell time has grown since 2018.

“We see great progress in the SOC with attention paid to employee well-being, measures for better communication and more. However, disparate perceptions of the SOCs’ effectiveness could be dangerously interpreted by the C-Suite as assurances that the company is well-protected and secure, when it’s not,” he warned.

One of the weakest links in a business' security chain appears to be the discrepancy between the priorities of SOC leaders and frontline workers. While SOC leaders believe phishing and supply chain vulnerabilities are the most significant threats, analysts see DDoS attacks and ransomware as more pressing.

For SMBs, on the other hand, downtime and business outages are a bigger worry than threat hunting, even though the latter is considered a “must-have hard skill”.