Companies are increasingly being hit by ‘undetectable’ attacks, wreaking havoc on their infrastructure and leading to data compromise, outages, fines, audit failures, and reputational damage, new research has claimed.
The Security Operations Trends Report from Red Canary, based on a survey of 700 security leaders from the US, UK, New Zealand, Australia, and Nordics, found over the past year, 87% of respondents experienced security incidents they could’t spot and neutralize.
Digging deeper to find the causes, Red Canary found for the majority of the respondents (73%), their attack surface widened by 77%, meaning they have introduced new endpoints and new software, both of which can be targeted with malware. Furthermore, two-thirds (64%) said they struggle with knowledge gaps when it comes to securing new tech.
AI, staff shortages, and other woes
But that is not the only reason for the rise in invisible threats. For two-thirds (62%), AI adoption has made security more difficult, and so has the cloud. At the same time, hackers are moving through intrusion chains faster (says 77% of the respondents), while the time between detection and resolution stayed the same, at best, for 85% of the respondents.
Finally, IT teams are having to juggle too many tools, and too many security notifications, straining them to the point of breaking. Security teams use more than 90 tools on average, yet 60% reported “too much noise”. Things would be easier if companies had enough staff to handle the workload, but that isn’t the case. In fact, 83% struggle to hire and retain skilled professionals, and 62% are facing high employee churn, as a result of overworking and stress.
“The scale of risks facing the business today is unprecedented, and traditional security approaches are failing,” said Brian Beyer, CEO & Co-founder of Red Canary. “For too long, companies have tried to tackle this escalating problem by throwing more money, tools, and people at it. But with technology advancing at breakneck speed for both defenders and adversaries, cybersecurity teams are drowning, unable to keep up.”
Beyer argues that businesses need a new approach to security, which involves “strategic partnership and expert detection engineering.”
More from TechRadar Pro
- Hackers are getting more imaginative when it comes to writing new malware
- Here’s a list of the best firewalls today
- These are the best endpoint protection tools right now