Here at FreedomNews, we know that cyber security can often call for a layered approach. Trying to stop attacks from getting through in the first place is clearly extremely important. No system can ever be 100% secure, however, and organisations should also plan for what they ought to do if their security systems are breached.

Now, a new report is urging businesses to improve their capabilities when it comes to dealing with persistent attackers, post-breach attacks and attackers that are able to operate silently within their networks.

Preventative controls can’t keep all attackers out

OnOfer Israeli, founder and CEO of cyber security firm Illusive Networks, said: ‘Because preventive controls can’t keep all attackers out, cyber programs need to anticipate attackers – both insider threats and external actors – who achieve and maintain an internal presence. To reach sensitive data and critical systems, these attackers use valid credentials and connections that the business itself creates, making them very difficult to detect.’

The survey, by Illusive Networks and the Ponemon Institute, found that nearly two-thirds of IT and security professionals polled said that they were not confident in the ability of their organisations to prevent serious damage after a cyber-attack. The survey polled professionals in the US, but the findings could also apply to organisations in other markets.

Many lack confidence in their ability to deal with resident attackers

Only around 40% of respondents rated themselves at seven or higher on a scale of one to ten regarding their abilities to detect and deal with ‘resident’ attackers who were operating within the systems following an initial breach of defences. Less than a third (28%) scored themselves seven or above on their ability to discover improperly stored user credentials.

The report also found that many organisations had an inability to prioritise incidents based on their potential impact. 37% of respondents, for example, said that they could not reliably tell which critical services may be impacted when a particular system was compromised.

Larry Ponemon, chairman of the Ponemon Institute, said: ‘While other cyber security research has touched on aspects of this study, this is the first time we have taken an in-depth look at these risk alignment issues.

‘The data suggests the gap between business leadership and security functions has a direct operational impact, and we hope this report helps stimulate new dialogue that helps organisations improve.’