How to Overcome A False Sense of IT Security Confidence

Despite facing a rapidly growing and evolving cyber threat landscape, many senior IT decision-makers remain very confident in their ability to protect their organisation’s infrastructure from attack. However, this confidence could be misplaced.

According to ExtraHop’s 2022 Cyber Confidence Index, confidence levels among CISOs are at an all-time high of 77%. Yet reports of lax security practices and an increase in the number of attacks demonstrate that the confidence may be unwarranted.

Confidence versus reality

This confidence is driven by a range of factors. The survey found that 61% of CISOs believe their organisation has a commitment to best practices and secure processes. At the same time, 59% believe they have the right security tools in place, and 55% cite the ability of their in-house IT teams.

Yet this confidence appears to be too high when it comes to withstanding real-world attacks. According to the Cyber Confidence Index, 85% of CISOs report having experienced at least one ransomware attack during the past five years, while nearly two-thirds admit that incidents are the result of their own outdated IT security postures.

If an organisation is consistently overestimating its security preparedness while at the same time lacking resilient protective measures, it means there is a worrying gap between what’s discussed in the boardroom and what is actually happening on the ground.

The challenge of insecure protocols

In many cases, at least some of the gap between security perception and reality is occurring as a result of legacy networking protocols. These were developed many years ago without any real consideration of security.

Attackers now look for vulnerabilities caused by these protocols and use them as an entry point into their target’s IT infrastructure. The research report found that 92% of respondents admitted to using at least one insecure protocol in their IT infrastructures.

Widely used protocols such as SMBv1, NTLM, LLMNR, SNMP, FTP and even HTTP may not apply encryption, or remain insecure and vulnerable to brute-force attacks. This is very concerning for organisations, as it leaves them exposed to potential attacks.

The fact that such protocols are still widely used shows the ongoing challenges that exist around the continued use of legacy technologies and systems. It’s vital that a comprehensive review is undertaken quickly to identify any potential issues and take the steps necessary to overcome them.

Overcoming a disjointed environment

Another issue that can leave security weaker than many in an organisation perceive is the disjointed nature of IT teams. Often, these teams work in silos and fail to communicate effectively with each other.

According to the survey, more than 40% of IT decision-makers pointed to a lack of cooperation between their network, security, and cloud operations teams, while 35% flagged inadequate tooling as a major challenge.

These results are very concerning as they expose fundamental flaws in the way in which technology is being deployed and managed within many organisations. It’s clear that critical elements are falling through the cracks as teams believe they are being handled by someone else.

One way to overcome this challenge is through the adoption of AI-based cybersecurity tools. These tools can monitor an entire IT infrastructure and flag suspicious events for closer inspection by security teams.

These tools can help to overcome existing silos by ensuring that all teams can gain a comprehensive view of what is taking place across the infrastructure. This can help to identify weaknesses and spot attacks much more quickly than has previously been possible.

Better aligning perception with reality

By taking these steps, organisations will be much better placed to align management’s perception of security readiness with what is actually happening on the ground.

Doing what is required now will ensure the technologies, tools and processes required to achieve robust security will be in place and ready to afford the protection an organisation requires. Perception will be reality.

Rohan Langdon, Vice President Australia and New Zealand, ExtraHop