How well are global organisations protecting themselves?
Measuring the effectiveness of and justifying the investment in security controls has become a key performance metric for enterprises because boards of directors and CEOs are expected to provide verifiable proof that business assets are protected from the fallout of a potential breach.
Security vendor FireEye has released the Mandiant Security Effectiveness Report 2020, which shows how well organisations are protecting themselves against cyber threats and how effective their security infrastructure is overall.
The report also reveals the results of tests performed by experts from the Mandiant Security Validation (previously known as Verodin) team.
The tests consisted of real attacks, specific malicious behaviours, and actor-attributed techniques and tactics run in enterprise-level production environments representing 11 industries against 123 market-leading security technologies — including network, email, endpoint, and cloud solutions.
Snapshot of Security Effectiveness Challenges:
- 53 per cent of attacks successfully infiltrated environments without detection
- 26 per cent of attacks successfully infiltrated environments but were detected
- 33 per cent of attacks were prevented by security tools
- 9 per cent of attacks generated an alert, demonstrating that most organisations and their security teams do not have the visibility they need into serious threats, even when they use central SIEM, SOAR and analysis platforms.
- Reconnaissance: In testing network traffic, organisations reported only 4 per cent of reconnaissance activity generated an alert
- Infiltrations & Ransomware: 68 per cent of the time, organisations reported their controls did not prevent or detect the detonation within their environment
- Policy Evasion: 65 per cent of the time, security environments were not able to prevent or detect the approaches being tested
- Malicious File Transfer: 48 per cent of the time, controls in place were not able to prevent or detect the delivery and movement of malicious files
- Command & Control: 97 per cent of the behaviours executed did not have a corresponding alert generated in the SIEM
- Data Exfiltration: Exfiltration techniques and tactics were successful 67 per cent of the time during initial testing
- Lateral Movement: 54 per cent of the techniques and tactics used to execute testing of lateral movement were missed
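The figures above come from classifying each executed test into an outcome bucket (prevented, detected but not prevented, missed, and separately whether a SIEM alert fired). As an added illustration, and not code from the report or from Mandiant Security Validation, the following Python sketches that scoring. The record format, the bucket definitions, the ATT&CK-style technique labels and the sample results are all assumptions constructed for the example; the point it shows is why the "alerted" column is independent of the other three, so the percentages need not sum to 100.

```python
"""Score security-control validation runs into outcome buckets
(prevented / detected-but-not-prevented / missed / SIEM-alerted).
Added example; the record layout and bucket rules are assumptions,
not the report's or Mandiant Security Validation's own data model."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ValidationResult:
    """One executed test: what was run and what the control stack did."""
    technique: str        # ATT&CK-style label (assumed, for illustration)
    phase: str            # recon, c2, exfil, lateral, ...
    blocked: bool         # a control stopped the action (prevented)
    detected: bool        # a control logged/flagged it, even if not blocked
    siem_alert: bool      # an alert actually surfaced in the SIEM


def score(results):
    """Per-phase percentages. 'prevented', 'detected' and 'missed' partition
    the tests; 'alerted' is counted independently (an alert can fire for a
    blocked or a merely detected test), so the four need not sum to 100."""
    by_phase = defaultdict(list)
    for r in results:
        by_phase[r.phase].append(r)
    out = {}
    for phase, rs in sorted(by_phase.items()):
        n = len(rs)
        prevented = sum(r.blocked for r in rs)
        detected = sum((not r.blocked) and r.detected for r in rs)
        missed = n - prevented - detected
        alerted = sum(r.siem_alert for r in rs)
        out[phase] = {
            "tests": n,
            "prevented_pct": round(100 * prevented / n),
            "detected_pct": round(100 * detected / n),
            "missed_pct": round(100 * missed / n),
            "alerted_pct": round(100 * alerted / n),
        }
    return out


def coverage_gaps(results, min_alert_pct=50):
    """Phases where fewer than min_alert_pct of tests reached the SIEM:
    the visibility gap the report describes for C2 and reconnaissance."""
    return sorted(p for p, m in score(results).items()
                  if m["alerted_pct"] < min_alert_pct)


# Constructed sample results (not data from the report).
SAMPLE = [
    ValidationResult("T1046", "recon", False, False, False),
    ValidationResult("T1046", "recon", False, True, False),
    ValidationResult("T1595", "recon", False, False, False),
    ValidationResult("T1595", "recon", True, True, True),
    ValidationResult("T1071", "c2", False, False, False),
    ValidationResult("T1071", "c2", False, True, False),
    ValidationResult("T1105", "c2", False, False, False),
    ValidationResult("T1105", "c2", True, True, False),
    ValidationResult("T1048", "exfil", True, True, True),
    ValidationResult("T1048", "exfil", False, True, True),
    ValidationResult("T1041", "exfil", True, True, True),
    ValidationResult("T1041", "exfil", False, False, False),
]

if __name__ == "__main__":
    for phase, metrics in score(SAMPLE).items():
        print(phase, metrics)
    print("low-visibility phases:", coverage_gaps(SAMPLE))
```

Run against a real validation platform's export, the only change is the loader that builds ValidationResult records; the scoring and the gap threshold stay the same.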
Tim Wellsmore, director of government security programs at FireEye Mandiant Asia Pacific, told CIO Tech Asia that CIOs and CISOs continue to report the importance of being vigilant as they validate and test security architectures.
Due to the COVID-19 pandemic, many governments across the APAC region were encouraging or mandating that citizens download a virus-tracking app.
Wellsmore said another app will have little impact on their approach to business security, as long as the app is not trying to extract and remotely communicate sensitive data.
“The concern around these apps does not justify the actual risk,” he said. “However, the design of the app must be understood before a real risk assessment can be made. There is always a healthy debate between government access and privacy, and the Covid-apps generate the same discussions.”
According to Wellsmore, introducing government policy to make the apps compulsory increases concern about over-reaching governments.
“As long as the app design and protocols are public and the app system access is clearly articulated to the users, and any data provided to governments is well secured, the risks are mitigated and the justification for national health outcomes is obvious.”
Wellsmore believes understanding how the government has secured this specific data store would be critical to better assess the risks.
“Considering the significant push to the cloud for many other government services, utilising the cloud for Covid-safe apps makes sense and is in line with government practices,” he said.
“However, maintaining security on government and sensitive citizens’ data (in the cloud or not) will continue to be an ongoing challenge in the modern cyber threat environment.”
According to FireEye, the core problem is organisations that assume they have an effective cyber defence without evidence of security performance: they are operating on assumptions that do not match reality, which leaves them carrying significant risk.
Many organisations are performing below their predicted levels of effectiveness. The data shows that many companies find a discrepancy between their expected capabilities and the measured results.
“The best way for your organisation to combat this disconnect is to validate the effectiveness of your security program through ongoing, automated assessment, optimisation and rationalisation,” states the report.
“This will enable you to minimise cyber risk across your entire organisation by protecting not only critical assets but also brand reputation and economic value.”