Control failures are behind a growing number of security incidents at large organisations, according to the Panaseer 2022 Security Leaders Peer Report.
Data from an external survey of 1,200 enterprise security leaders also reveals that an increase in tools and manual reporting, combined with control failures, is contributing to the success of threats such as ransomware, which costs organisations millions in recovery.
Panaseer, an enterprise security company, developed the report to get insight into how the state of enterprise security has evolved in the last two years, following a global shift to new working models.
Currently only 36% of security leaders feel very confident in their ability to prove controls were working as intended. This is despite 99% of respondents believing it’s valuable to know that all controls are fully deployed and operating within policy, and despite cybersecurity control failures being listed as the top emerging risk in the latest Gartner, Inc. report. Attacks only succeed when they hit systems that haven’t been patched or don’t have security controls monitoring them.
The vast majority (82%) of security leaders have been surprised by a security event, incident or breach that evaded a control thought to be in place. It takes multiple control failures for an attack to be successful. Respondents stated that, in their experience, it took an average of five or more control failures for an event, incident or breach to succeed.
The report also confirmed that only 40% of security leaders can confidently understand and remediate underperforming controls and track improvement. 60% of the security leaders lack strong confidence in their ability to continuously measure security controls that mitigate the infiltration, propagation and exploitation of a successful ransomware attack.
The rise in threats and the shift to cloud-enabled remote working have increased the number of security tools used by large enterprises. On average, enterprise security teams are struggling to manage 76 discrete security tools, a significant jump from 2019 when the average was 64.
According to the report, security teams also spend more than half their time (54%) manually producing reports for regulators and auditors.
To read Panaseer’s full 2022 Security Leaders Peer Report, visit: panaseer.com