sb-as logo
Story image

Businesses left to make decisions based on old, inaccurate data, study finds

Organisations are often forced to make critical security decisions based on threat data that is not accurate, relevant or fresh, a new study finds.

Neustar has released a new report from the Neustar International Security Council (NISC), which shows just 60% of cybersecurity professionals surveyed indicate that the threat data they receive is both timely and actionable, and only 29% say the data they receive is both extremely accurate and relevant to the threats their organisation is facing at that moment.

With regard to the timeliness of threat data, only 27% of organisations are able to base their security decisions on near real-time data, while 25% say they receive updates hourly and another 24% receive updates several times per day.

According to the report, approximately one-third of organisations state that they have been the victim of a successful domain spoofing attempt (37%) or domain hacking attempt (31%) within the last 12 months.

Findings from the latest NISC research also highlighted a 12.4-point year-on-year increase in the International Cyber Benchmarks Index.

Calculated based on the changing level of threats and impact of cyber attacks, the index has maintained an upward trend since May 2017.

In addition, during July and August 2020, system compromise and distributed denial-of-service attacks (both 21%) were ranked as the greatest concerns for security professionals, followed by ransomware (20%) and theft of intellectual property (17%).

During this period, targeted hacking (63%) was most likely to be perceived as an increasing threat to organisations, followed by ransomware and DDoS attacks (both 62%).

In this round of the survey, 72% of participating enterprises indicated that they had been on the receiving end of a DDoS attack at some point, compared to an average of 52% over the 20 survey rounds.

NISC chairman and Neustar security CTO, senior vice president and fellow, Rodney Joffe, says, “With the pandemic exacerbating the sheer volume of threats and the nature of remote workforces creating a broader range of vulnerabilities, it is more critical than ever that organisations have access to actionable, contextualised, near real-time threat data to power the network and application security tools they use to detect and block malicious actors."

Joffe says, “A timely, actionable and highly relevant security threat data feed can help deliver curated insights to security teams, allowing them to better identify and mitigate risks such as malicious domain generation algorithms, suspicious DNS tunnelling attempts, sudden activity by domains with little or no history, and hijacked or spoofed domains.”

Story image
Interview: Why Acronis is building 111 micro data centres almost everywhere
We spoke to Acronis co-founder and technology president Stas Protassov to discuss these announcements.More
Story image
With cyber-threats continuing to evolve, organisations need to remain in the fight in 2021
Teams can make improvements in 2021 by having a more comprehensive understanding of the threats that are out there and defining how they conduct operations to offer flexibility to adapt better.More
Story image
Trend Micro integrates with AWS Gateway Load Balancer for improved security function
Cloud security firm Trend Micro has announced its hybrid cloud security integration with the newly launched AWS Gateway Load Balancer.More
Story image
Attivo solutions launch on McAfee marketplace
Attivo Networks’ endpoint security solutions are available for free trial and purchase through McAfee’s new cloud marketplace.More
Story image
Palo Alto Networks and PwC deliver MDR services to Hong Kong enterprises
“Together, PwC and Palo Alto Networks offer a service designed to address and solve customer cybersecurity pain points particularly as the market demands new ways to detect and respond to threats.”More
Story image
Video: 10 Minute IT Jams - Vectra AI exec discusses cybersecurity for Office 365
In Techday's second IT Jam with Vectra AI, we speak again with its head of security engineering Chris Fisher, who discusses the organisational impact of security breaches within Microsoft O365, why these attacks are on the rise, and what steps organisations should take to protect employees from attacks.More