Splunk report: Majority of European orgs not prepared for cyber-attacks

New Splunk study reveals reliance on outdated technologies is leaving firms vulnerable to breaches caused by malicious insiders and "hapless users".

Europeans are startlingly unaware of the threat from within, according to new research from Splunk. As the primary cause of security breaches, insiders don't seem to register as the major threat that they are.

Commissioned by Splunk, the IDC white paper titled ‘Detecting and Responding to the Accidental Breach: The Impact of the Hapless User’ surveyed 400 large companies (of over 1000 employees) in the UK, France, Germany, Sweden and the Netherlands.

The research shows that eight of every 10 organisations rely too heavily on traditional approaches to security. These approaches focus mainly on system protection that cannot detect and respond to user activity that could result in compromise.

Nearly a third of respondents do not use basic methods of breach detection, and fewer than a fifth have any form of security analytics in place.

Duncan Brown, research director of European security practice at IDC, told SCMagazineUK.com that, “security breaches are inevitable, but that is tough for security professionals to accept given the considerable budgets that are spent on prevention.”

Brown explains that, “the majority of organisations have experienced a data breach over the past two years, but the average time to discover a breach remains around eight months. It is clear that organisations need to detect breaches as they happen, and not wait for the damage to be done. Importantly, taking an analytics driven approach to detect threats early and respond effectively will help companies to deal with threats of all kinds — external attackers, hapless users, and malicious insiders.”

The white paper also includes further insights into the insider phenomenon. For example, accidents are more of a threat than any outright malicious intent. Most of the things organisations are concerned about are caused by the witlessness of employees. The research notes that “Poor understanding of the hapless user means that organisations are looking in the wrong places to detect attacks and avoid breaches.”

Perhaps more worrying is that organisations are having a hard time detecting breaches from the outside and in. When investigating insider threats, 40 percent of respondents said they often didn't know where to look when remediating the problem. Lack of education and training came a close second as an obstacle to detecting inside jobs.

From the outside, the research notes: “The majority of organisations across Europe are still using technology that is primarily designed to protect a traditional network-based perimeter.”

While most organisations understand the need for the basics, firewall and antivirus software, most don't feel the need to reinforce that with analytics or anomaly detection.

The full report on the breach defence and the hapless user can be found here.

Haiyan Song, senior vice president of security markets at Splunk, told SC that, “In the age of the ‘inevitable breach’, businesses across Europe need to adopt a ‘detect and respond’ mentality.”

Song said that, “threat patterns vary, so security teams need to take an analytics driven approach with their Security Information and Event Management initiatives, leveraging machine learning and anomaly detection to identify suspicious behaviour and malicious activity early. Using these solutions will help organisations further automate detection, conduct timely investigation and take the necessary steps to handle a breach, limiting the reputational and financial damage it can cause.”
