CISOs Witness More Cyber Breaches, but Endpoint Detection and Response Tools Have Tripled Visibility on Attacks

Some 37 percent of chief information officers in the US and Europe admit their company has suffered a breach in the past year, a slight increase from 34 percent in 2016. However, continuous adoption of endpoint detection and response tools has helped them gain more visibility into cyber attacks - from 26% two years ago, to 84% in 2018, according to Bitdefender’s Advanced Threat Index, an annual survey of 1,000+ CISOs in the US and Europe.

Detection and response capabilities allow these companies to easily and immediately detect an attack and act to minimize the impact on its network, brand reputation and customers. Companies that use an EDR solution acknowledge that a cyberattack can occur at any time, and protection platforms can only address 99% of threats. EDR tools focus on the last 1%, allowing for much greater fidelity in incident investigations.

Without a proper EDR solution, increased visibility can backfire and cause alert fatigue, overburdening IT and security departments that are already stretched thin in terms of resources and manpower. A truly effective EDR solution needs to help drive security focus and become an enabler in building the organization’s overall security strategy. Otherwise, visibility can be seriously impaired by the sheer volume of potentially non-critical security alerts.

CISOs now place the need for faster detection and response capabilities as the second main driver for enhancing their company’s cybersecurity posture, as opposed to increased productivity in 2016. Improved data protection remains the top driver in all industries, the survey shows.

Respondents also say endpoint detection and response capabilities are the best security defense against APTs in their organization, climbing one step from the 2016 results.

When asked about IT security budgets, 49% of CISOs in the US and Europe say they have enough money to efficiently secure infrastructures, down from 64% in 2016. 33% say their budget is sufficient but could not accommodate infrastructure expansion, while 11% admit they could not sustain a future increase in headcount. Finally, 6 percent of those surveyed rate the budget as insufficient, twice as many as in the previous Advanced Threat Index.

Scarcely staffed and underfinanced IT and security teams that are overburdened with managing EDR tools may end up ignoring or disregarding the never-ending tide of security alerts, defeating the aim of detection and response. Triggered alerts could take days, weeks, and even months before they’re addressed and investigated, meaning a lack of staff could be just as detrimental as the lack of an EDR solution in terms of the time it takes to detect a breach.

“The major benefit of meaningful EDR alerts is that accurate and actionable security alerts lead to fast detection and response, without overburdening IT or security staff with trivial notifications,” says Bitdefender Global Cybersecurity Analyst Liviu Arsene. “Rapid detection of data breaches directly affects organizations in a positive way, as incident response procedures can be immediately triggered to contain, mitigate, and prevent full-blown security incidents. Failure to do so may lead to full infrastructure compromise, irreversible data loss, and financial repercussions, from which some companies may never recover.”

The survey, conducted in February-March 2018 by Censuswide for Bitdefender, included 1,050 IT security purchase professionals from large enterprises with 1,000+ PCs and data centers, based in the US and Europe. 250 respondents originate from the United States, while 154 are from Germany, 150 each from the UK, France, and Italy, 101 from Denmark and 100 from Sweden. Results have been compared with the previous survey conducted in April-May 2016 by iSense Solutions for Bitdefender, on a similar sample of respondents.