Security breaches cost UK organisations an estimated £1.5bn a year, yet many continue to disregard the next big wave of risk to IT security from unknown threats, a study has revealed.
A multitude of risks have been introduced by a new generation of unknown security threats stemming from megatrends and technologies such as BYOD, mobility, cloud computing, and internet usage.
Although 71% of UK organisations polled admitted to a security breach in the past year, just 40% consider unknown threats a top security concern, according to the latest Dell global security survey.
And while 72% of respondents claim their current security processes enable IT to immediately identify a security breach, actual detection of the breach takes seven hours on average, the study found.
The report said a spike in social engineering, malicious and/or accidental internal attacks and advanced persistent threats means organisations are vulnerable from all directions.
All stakeholders must immediately take action to strengthen access to points inside and outside the perimeter, and help users prevent such attacks, the report said.
More than half of UK respondents said they have increased funds spent on education and training of employees in the past 12 months and half believe security training for new and current employees is a priority, with 42% of UK respondents saying they had increased spending in monitoring services over the past year.
More on threat detection
- Enhanced threat detection: The next (front) tier in security
- The evolution of threat detection and management
- Security Think Tank: Flame a good reason to keep up with emerging threat analysis
- Advanced volatile threat detection: New term, old malware?
- New vulnerability assessment tools proactively detect security threats
- Major gaps in enterprise insider threat detection, study shows
BYOD, cloud and the Internet were the top areas of concern for security threats, yet 88% of UK organisations allow personal devices for work.
Some 31% of all end users access the network on personal devices globally, rising to 37% in the US and falling to 24% in the UK.
Some 46% of UK respondents said instituting policies for BYOD security is of high importance in preventing security breaches; 71% ranked increased use of mobile devices as a top security concern in the next five years and 16% said misuse of mobile devices/operating system vulnerabilities is the root cause of security breaches.
Many organisations today use cloud computing, potentially introducing unknown threats that lead to targeted attacks on organisational data and applications. Survey findings prove these stealthy threats come with high risk.
Two-thirds of UK respondents said their organisations currently use cloud and 47% ranked increased use of cloud as a top security concern in the next five years, suggesting unease for the future as just 22% said moving data to the cloud was a top security concern today.
In organisations where security is a top priority for next year, 86% are using cloud, with 16% admitting cloud apps or service usage are the root cause of their security breaches.
The report said the significance of the unknown threats that result from heavy use of Internet communication and distributed networks is evidenced by the 63% of respondents who ranked increased reliance upon internet and browser-based applications as a top concern in the next five years.
Some 16% of UK respondents consider infection from untrusted public Wi-Fi among the top three security concerns for their organisation; 43% identified malware, viruses and intrusions often available through web apps, OS patching issues, and other application-related vulnerabilities as the root causes of breaches, and 77% are currently using email security to prevent outsider attacks from accessing the network via their email channel.
The survey revealed that 76% of all IT leaders surveyed (93% in the US and 77% in the UK) agree that to combat today’s threats, an organisation must protect itself both inside and outside of its perimeters.
The report said this requires a comprehensive set of solutions that protects from the inside out and the outside in as well as one that connects these capabilities to provide deeper insights and stronger predictive analytics so strategic action can be taken quickly.
“Traditional security solutions can defend against malware and known vulnerabilities, but are generally ineffective in this new era of stealthy, unknown threats from both outside and inside the organisation,” said Matt Medeiros, vice-president and general manager of Dell Security Products, Dell Software Group.
“These threats evade detection, bypass security controls, and wreak havoc on an organisation’s network, but, despite these dangers, our study found, among those surveyed, organisations are just not prepared,” he said.
According to Medeiros, there is still a “disturbing” lack of understanding and awareness of the type of impact and detriment caused by the unknown threats.
“As a result, we believe a new security approach is needed – one that is embedded in the fabric of software, governing access to every application and protecting every device, both inside and outside a corporate network.
“Only then will organisations have a chance at keeping one step ahead of these epidemic threats that can significantly damage their network,” he said.