When it comes to securing the premises, the majority of businesses are prioritizing prevention over detection, investigation, and response, a new report has found. However as a result, large numbers of firms are being hit by data breaches or other attacks, with the incidents constantly getting worse.
Researchers at Exabeam surveyed 500 IT security professionals, finding roughly two-thirds of the respondents (65%) prioritize prevention as their number one endpoint security (opens in new tab) goal.
For a third (33%) – detection was the highest priority.
Too late to the party
To make matters even worse – the businesses are actually acting on this thinking. Almost three-quarters (71%) spend between 21% and 50% of their IT security budgets on prevention, while 59% invest the same amount as they do for detection, investigation, and response.
The trouble with this approach, according to Exabeam’s Chief Security Strategist, Steve Moore, is that the firms are focusing on prevention with crooks already inside the walls, rendering their efforts futile.
“As widely known, the real question is not if attackers are in the network, but how many there are, how long have they had access, and how far have they gone,” Moore says. “Teams need to socialize this question and treat it as an unwritten expectation to realign their investments and on which to perform, placing the necessary focus on adversary alignment and incident response. Prevention has failed.”
When asked if they are sure they can prevent attacks, most respondents answered positively. In fact, 97% said they felt confident in their tools and processes, to prevent and identify intrusions and data breaches.
However, when asked if they’d easily tell their boss their networks weren’t breached at the time, just 62% would say yes, meaning more than a third had their doubts.
In other words, Exabeam says, security teams are overconfident and has data to back it up. Citing industry reports, the company claims 83% of organizations experienced more than one data breach last year.