Can You Detect a Cyberattack?
Tripwire has released the results of a study that evaluated the confidence of IT professionals in the efficacy of security controls (including PCI DSS, SOX, NERC CIP, MAS TRM, NIST 800-53 and IRS 107) useful in detecting an in-progress cyberattack.
While a majority displayed high levels of confidence in their ability to detect a data breach, they were reportedly unsure how long it would take automated tools to discover key indicators of compromise.
For example, when asked how long it would take automated tools to detect unauthorized configuration changes to an endpoint on their organizations’ networks, 67 percent only had a general idea, were unsure or did not use automated tools. However, when asked how long it would take to detect a configuration change to an endpoint on their organizations’ networks, 71 percent believed it would happen within minutes or hours. Configuration changes are a hallmark of malicious covert activity.
“All of these results fall into the ‘we can do that, but I’m not sure how long it takes’ category,” said Tim Erlin, director of IT security and risk strategy for Tripwire. “It’s good news that most organizations are investing in basic security controls; however, IT managers and executives, who don’t have visibility into the time it takes to identify unauthorized changes and devices, are missing key information that’s necessary to defend themselves against cyberattacks.”