A new survey of security executives at large companies in the US reveals that many don't have confidence in their enterprise security posture. Less than a third of these executives are confident in their organization's security position, and only slightly more than a quarter feel that their communications on security to senior management are effective.
The survey commissioned by Raytheon|Websense shows that many still rely on technology aimed at preventing breaches but do little after one has occurred. Yet 9 out of 10 of the organizations represented in the survey have had at least one breach involving a loss or compromise of data in the past year.
Despite this only a third of the executives surveyed employ qualitative techniques, such as dwell time, that help them understand the state of their network post-breach. 57 percent measure their security position simply by counting the number of breaches.
"With security spending continuing to skyrocket, it is more important than ever to be able to report on metrics that matter, not just quantitative metrics like counting breaches. When breaches are constant, and inevitable, we need a better way," says Ed Hammersla, president of Raytheon|Websense. "We know threats are going to get in. If we want to be more confident, we need to shift our thinking to metrics such as dwell time, or reducing the time a threat is in our network, which reduces damage and helps strengthen our overall security posture".
When asked about metrics used to communicate their security posture, only 28 percent of executives surveyed felt the ones they used were 'Completely Effective'. 65 percent felt the metrics were only 'Somewhat Effective'. Only 33 percent of those surveyed use dwell time (the elapsed time from initial breach to containment) alongside the other more established measurements such as Cost of Incidents (39 percent) and Reduction in Vulnerabilities (39 percent).
Intruders can do more damage to a business the longer they have to poke around and move within the network. The lesson from this research is that if an organization can limit the length of time a threat exists, the damage will be minimized. Enterprises therefore need to employ different detection, analysis, and ejection techniques to stay secure.
More information on the report is available on the Raytheon|Websense site.
Image Credit: Manczurov / Shutterstock