Hackers have the upper hand and government and private sector security professionals remain hamstrung because they do not have the tools or training necessary to effectively thwart cyber attacks, a new survey said.
Companies and government agencies are often losing the security war to hackers, with 75 percent of security professionals saying hackers have the upper hand with tools and automation, according to a survey of nearly 2,000 professionals by security company RedSeal.
Fifty percent of security professionals also have no idea how many hosts are accessible from outside their network, and only 41 percent believe vulnerability management tools accurately prioritize vulnerabilities.
Security professionals employed by the government were also some of the most likely to say hackers have an advantage over their defense technologies. Eighty-four percent of government security professionals said hackers have the upper hand, a share exceeded only by the energy industry (86 percent). At the same time, government security pros were less likely to say they lack the ability to generate metrics needed to follow changes in network security posture, the study found.
In addition, 53 percent of security professionals said they lack the ability or knowledge to generate metrics needed to track security trends, the study found.
Chief information security officers also are in the dark on comprehensive security strategies, with 51 percent saying they don’t know or don’t think their tools accurately prioritize vulnerabilities and 25 percent saying they don’t know if there are security metrics to measure and track overall effectiveness, the study found.
Dr. Mike Lloyd, chief technology officer at RedSeal, said the goal for all security professionals is to thwart 100 percent of attacks. Anything less, he said, is insignificant because hackers will always find an open door.
“It’s very clear that there’s a people component and a tech component,” Lloyd said. “Many breaches could be fixed with personnel training, but that doesn’t seem all that newsworthy. It’s like dentists trying to make news by saying you can prevent cavities if you floss your teeth.”