Security Experts:

Breach Detection, Prevention Harder Than 2 Years Ago Despite Security Spending: Survey

A new report from Enterprise Strategy Group found that many enterprises feel breach prevention and detection is more difficult today than two years ago.

According to a survey of 200 IT and information security professionals, 75 percent agreed that detecting and preventing a breach has become harder. Fifty-nine percent said malware has grown more sophisticated during the last 24 months and presents fresh challenges - even though the vast majority (87 percent) said they have increased endpoint security spending during the same period.

The survey also revealed that 54 percent felt that it was impossible to keep up with the amount of alerts related to endpoint security threats and breaches.

"Despite efforts to stay on top of patches and updates – and spending more on endpoint security products that should detect malware – it is obvious that IT organizations are becoming frustrated in their attempts to stay ahead of cyber criminals," said Jon Oltsik, senior principal analyst with the Enterprise Strategy Group, in a statement.

A particular focus of the survey was the subject of browser-based breaches. Eighty-one percent of organizations that experienced a security breach within the past 24 months that tied it to an attack that was introduced into the network via a browser classified the time it took to remediate the breach as "very significant" or "significant."

Some 82 percent of those surveyed said they were concerned about files containing malicious content downloaded via browsers. Eighty-five percent reported that their IT departments work to keep browsers patched, and 84 percent monitor browser configurations for vulnerabilities.

Ninety-two percent said they would characterize their organization as being "very aggressive" or "somewhat aggressive" in terms of their willingness to test and adopt new types of cybersecurity technologies.

"The common web browser is a malware distribution system for advanced persistent threats," Branden Spikes, CEO and CTO of Spikes Security, which commissioned the study, said in a statement. “It’s simultaneously the most ubiquitous and strategically important application in the enterprise, so naturally it has become the focus for hackers. Every click can potentially place the network and the organization at risk."

view counter