Skip to main content

Most security leaders worry traditional approach doesn't shield again supply chain attacks

security
(Image credit: Image Credit: Wright Studio / Shutterstock)

Most security leaders believe traditional threat detection solutions are not equipped to combat supply chain threats, a new report from Vectra AI suggests.

The security firm recently polled 200 UK IT security decision makers from companies with at least 1,000 employees and found that 89 percent don’t trust traditional approaches to cybersecurity.

In fact, three-quarters (76 percent) bought cybersecurity tools that failed to live up to their promises, as they struggled to integrate with existing systems, could not detect modern attacks and failed to provide proper visibility. 

As a result, more than two-thirds (69 percent) think they may have been breached without knowing it (a third think this is “likely”).

The respondents essentially believe cybercriminals are bigger visionaries than those on the other side of the security equation. Two-thirds (69 percent) believe security innovation is “years” behind the attackers. 

There are numerous reasons this is the case, the respondents further explained, citing legacy thinking around security, as well as poor communication between security teams and the board. In fact, 58 percent think the board is a full decade behind when it comes to security discussions. 

But as the number of high-profile attacks grows, so does awareness in the boardroom, the report further claims. More than half (54 percent) are shifting away from the prevention-first mentality, and are increasing their investment in security solutions. 

“Companies are not the only ones innovating. Cybercriminals are too. As the threat landscape evolves, traditional defenses are increasingly ineffectual,” said Garry Veale, Regional Director, UK & Ireland at Vectra. 

“Organizations need modern tools that shine a light into blind spots to deliver visibility from cloud to on premise. They need security leaders who can speak the language of business risk. Boards that are prepared to listen. And a technology strategy based around an understanding that it’s ‘not if but when’ they are breached.”

Sead Fadilpašić

Sead is a freelance journalist with more than 15 years of experience in writing various types of content, from blogs, whitepapers, and reviews to ebooks, and many more, across sites including Al Jazeera Balkans, TechRadar Pro, IT Pro Portal, and CryptoNews.