Prioritizing cyberattacks still needs a lot of work, according to new Picus Labs report


Organizations aren’t very effective at prioritizing and preventing cyberattacks, according to a new study released today by Picus Labs.

Picus Labs’ parent company sells attack simulation tools, and the study, The Blue Report 2023, is based on telemetry from 14 million simulations created by its customers from January to June 2023. On average, organizations’ security controls prevent only 59% of the simulated attacks and prevent more complex attacks less than half of the time. There are also wide variations in organizations’ ability to prevent specific threats.

“Many organizations do not realize the degree to which their existing controls are insufficient for detecting attacks, especially sophisticated ones,” the authors wrote in their report. Although these results come from simulations rather than actual attacks, they do provide an interesting comparison among the various kinds of attacks and of how Picus’ customers responded in the simulations.

The report identified four tradeoffs involved in mitigating threats given scarce security resources: which attacks to prioritize, which vulnerabilities to prioritize, whether to favor prevention or detection efficacy, and whether to favor logging or alerting.

For example, some vulnerabilities discovered in 2019 still remain a threat to more than 80% of organizations. And their simulation data shows that, on average, organizations log 37% of the attacks but generate alerts for only 16% of the attacks.

The researchers scored prevention effectiveness on their platform and found a wide geographic variation in average scores, with South Asian customers scoring lowest and North America, Europe, Africa and the Middle East customers scoring highest.

They also found a variation in how well organizations prevented various ransomware strains, with OilRig the most successful at penetration and Sandworm the least. Still, Sandworm was stopped only a quarter of the time in their simulations (pictured adjacent).

The researchers found that the better an organization is at preventing threats, the weaker it is at detecting them, and vice versa. For instance, globally healthcare is the least effective sector at preventing attacks but is twice as successful as the average organization when it comes to detecting them. And North American organizations are almost twice as successful at preventing attacks as they are at triggering alerts to detect attacks in progress.

Images: markus-spiske/Unsplash, Picus Labs
