Organizations of all sizes and across the globe continue to accelerate the pace of digital transformation in order to improve productivity and gain a competitive advantage. Even those not born digital are changing how they traditionally operate by implementing digital strategies. Yet, as this trend continues, all too often companies must increasingly choose growth over cybersecurity.
As discussed in our Mandiant Security Effectiveness Report 2020, we are seeing many organizations leaving themselves vulnerable to cyber risk – and more often than not, poor cyber hygiene is one of the key culprits. This, coupled with attacks that are more sophisticated and targeted, means that organizations need to understand and improve their security effectiveness. Unfortunately, a very real and dangerous disconnect between assumptions and reality continues to challenge many companies.
In order to close the gap, security and the business need to be aligned. To get there, CEOs need to understand their organizations’ cybersecurity weaknesses and how those weaknesses can detrimentally impact them financially and operationally. As a starting point, here are the most surprising cybersecurity weaknesses that every CEO should know about:
Alerts are only generated for 9% of attacks
Without a doubt, this finding was alarming. We also found that many organizations are performing below their predicted levels of effectiveness, and that they have a discrepancy between their expected capabilities and the measured results.
68% of the time, CISOs are unaware that ransomware could be effective in their environment
Ransomware – we have all read headlines about this type of attack, as ransomware can result in a sudden stop in business as well as loss of data and revenue. The most common causes for a lack of prevention or detection of ransomware include: deployment under default “out-of-the-box” configuration; unknown fail-open conditions in security controls; and outdated or poorly maintained signatures.
48% of malicious file transfers taking place within the network are missed
All too often, the victim of a malicious file transfer is unaware that a compromise has occurred, and that can wreak havoc on an organization’s network. Successful malicious file transfers are most often caused by not being aware of vendor removal of malware signatures, misconfiguration of existing security controls, and under-resourced or aging sandboxing techniques and technologies.
97% of behaviors executed did not have a corresponding alert generated in the SIEM
In our report, we found that 39% was missed, 3% alerted, 26% detected and 40% prevented. This was a startling finding and most often resulted from outdated or missing site classification, lack of SSL inspection, and security events not making it to the SIEM.
Without a doubt, cybersecurity needs to be measured just like any other business function, and quite simply, that means organizations need to know that their security investments are working the way they are supposed to. To get there, they need empirical evidence that can only be achieved through continuous monitoring and measurement of their security stack. Solutions like Mandiant Security Instrumentation Platform (SIP) are enabling organizations to do just that by identifying risks in security controls before a breach occurs and permitting them to rapidly adapt their defenses to the evolving threat landscape.
Interested in learning how you can validate your controls against current and actual attacks? Visit here to download a full copy of the Mandiant Security Effectiveness Report 2020, including a list of the 10 fundamentals for successful cyber security effectiveness validation.