A new report finds that when it comes to securing buildings, the majority of companies prioritize prevention over detection, investigation, and response. But as a result, large numbers of companies are exposed to data breaches or other attacks, with incidents continually worsening.
Researchers at Exabeam surveyed 500 IT security professionals, and found that nearly two-thirds (65%) of respondents prioritized prevention as the number one goal of endpoint security.
For a third (33%) – discovery was the top priority.
It’s too late for the party
To make matters worse – companies actually operate on this thinking. Nearly three-quarters (71%) spend between 21% and 50% of their IT security budgets on prevention, while 59% invest the same amount they invest in detection, investigation, and response.
The problem with this approach, according to Exabeam’s chief security strategist Steve Moore, is that companies focus on preventing scammers already inside the walls, making their efforts futile.
> Microsoft is discontinuing Windows 11’s built-in data leak prevention feature — so now you’ll have to pay
> Three stages of malware defense
> Check out the best malware protection services now
“As is widely known, the real question is not whether attackers are in the network, but how many there are, how long they’ve had access, and how far they’ve gone,” Moore says. “Teams need to socialize this question and treat it as an unwritten prediction to realign their investment and performance to be done, with the necessary focus on aligning the opposition and responding to incidents that fail to prevent.”
When asked if they were sure they could prevent attacks, most of the respondents answered in the affirmative. In fact, 97% said they felt confident in their tools and processes, to prevent and identify hacks and data breaches.
However, when asked if they would easily tell their boss that their networks had not been hacked at that time, only 62% answered yes, which means that more than a third have their suspicions.
In other words, says Exabeam, security teams are overconfident and have data to back it up. Citing industry reports, the company claims that 83% of organizations experienced more than one data breach last year.
- These are the best firewalls today