
Security buyers lack insight into threats, attackers, report finds

The majority of cyber security purchasing decisions are made without proper insight into the attackers organisations are facing, according to a Mandiant report

Cyber security leaders tend to be happy with the quality of threat intelligence they get from their industry partners, but struggle to generate real insight from it, and are making uninformed, or even downright bad, purchasing decisions as a result.

A study conducted by Google Cloud’s Mandiant, based on a global survey of 1,350 security decision-makers in 13 countries and 18 sectors, including financial services, government and healthcare, found that while security leaders believe they need to better understand the threats they may be facing, 79% of them are making important security decisions without insights.

Almost half, 47%, said that effectively applying the intelligence they do have throughout the security team was one of their greatest challenges, and 98% said they needed to do much better at implementing changes to their cyber strategy based on up-to-date intel. A total of 79% agreed their organisation could usefully focus more time and energy on identifying crucial trends.

Ultimately, 67% of respondents said the senior leadership teams in their organisations were underestimating the threats they faced, and 68% agreed they needed to improve their understanding of the threat landscape. Only 53% felt able to prove to their bosses that they had an effective security programme.

“Organisations in the UK remain high-value targets for cyber threat actors,” said Jamie Collier, Mandiant’s senior threat intelligence advisor for EMEA.

With a number of high-profile breaches already this year, security professionals are more conscious than ever of the need for better security practices.

“This research indicates that one of the biggest barriers to building stronger defences is the sheer volume of information: organisations must find better strategies for putting intelligence into action to regain much-needed focus and identify clear priorities,” he said. “UK organisations need to put themselves on the front foot, and that can only be achieved by knowing your adversaries, implementing changes at speed, and ensuring cyber risks are communicated effectively among all stakeholders.”

Mandiant vice-president Sandra Joyce added: “A conventional, check-the-box mindset isn’t enough to defend against today’s well-resourced and dynamic adversaries. Security teams are outwardly confident, but often struggle to keep pace with the rapidly changing threat landscape. They crave actionable information that can be applied throughout their organisation.

“As our Global perspectives on threat intelligence report demonstrates, security teams are concerned that senior leaders don’t fully grasp the nature of the threat,” she said. “This means critical cyber security decisions are being made without insights into the adversary and their tactics.”

The report also found that cyber leaders got to discuss their work with organisational leadership and senior stakeholders only once every four or five weeks on average, which, it can be argued, is nowhere close to often enough given the nature of the threat landscape. Only 38% were sharing threat intelligence more widely within their organisations to give employees a better grasp of risk.

Cause for optimism

The headline concerns do, however, mask some optimism vis-à-vis the general effectiveness of security programmes; respondents mostly expressed confidence that they would be able to withstand a cyber security incident should the worst come to the worst.

A total of 91% of respondents said they felt able to respond effectively to financially motivated threats, that is to say, ransomware attacks, while 89% said they could respond effectively to disruption caused by hacktivist groups, and 83% to a threat emanating from a nation state-backed advanced persistent threat group.

Asked further to rank which of the Big Four nation-state cyber threats they felt they would be unable to fully defend against, 57% cited Russia, 53% China, 52% North Korea and 44% Iran.
