Vectra Research: 89% of security leaders think traditional security approaches are failing in the face of modern threats

SAN JOSE, Calif., Dec. 2, 2021 /PRNewswire/ -- Vectra AI, a leader in threat detection and response, today released a new report highlighting how today's organizations are tackling complex, modern cyberthreats. Vectra's Security Leaders Research Report found that 89% of respondents think traditional approaches don't protect against modern threats and that 'the game needs to be changed' when it comes to dealing with attackers. The report surveyed 200 IT security decision makers working at organizations with more than 1,000 employees in the UK.

The report unearths how security leaders believe legacy tooling and thinking is impeding organizations from protecting against modern threats, and that a new approach is needed to detect and stop attacks that leapfrog current tools. Key findings include:

• 76% of security decision makers say they have bought tools that failed to live up to their promise ? citing poor integration, failure to detect modern attacks, and lack of visibility as the top three reasons 
• 69% think they may have been breached and don't know about it?a third (31%) think this is "likely"
• 90% of respondents say recent high-profile attacks have meant the board is starting to take proper notice of cybersecurity
• 69% believe cybercriminals are leapfrogging current tools and that security innovation is years behind that of the hackers
• Over half (54%) now invest as much, if not more, on detection as protection, suggesting a positive shift away from prevention-first mentality   

Garry Veale, Regional Director, UK & Ireland at Vectra, commented: "Digital transformation is driving change at an ever-increasing pace. Yet companies are not the only ones innovating. Cybercriminals are too. As the threat landscape evolves, traditional defenses are increasingly ineffectual. Organizations need modern tools that shine a light into blind spots to deliver visibility from cloud to on premise. They need security leaders who can speak the language of business risk. Boards that are prepared to listen. And a technology strategy based around an understanding that it's 'not if but when' they are breached."

Security leaders are resigned to the fact that attackers are now one step ahead, with 69% of respondents believing that cybercriminals are leapfrogging current tools and that security innovation is years behind that of the hackers.

This may be in part due to legacy thinking around security and a lack of communication between security teams and the board. 58% of respondents think the board is a decade behind when it comes to security discussions, while 82% say the board's security decisions are influenced by existing relationships with legacy security and IT vendors. A further 68% say it's hard to communicate the value of security to the board, as it is notoriously difficult to measure. As a result, security leaders are more reliant than ever on their partners in the channel. 86% say they're grateful to have a channel partner they can trust to guide them, as there are so many vendors all promising to do the same thing.

From GDPR to the Network and Information Security Directive, cybersecurity practices and standards are shaped by regulation. While regulation is crucial in holding organizations accountable, the report found 58% of respondents think legislators aren't well-equipped enough to make decisions around cybersecurity matters and called for more industry input and collaboration. In addition, 43% of respondents argued that regulators don't have a strong enough understanding of life "at the coal face" to be writing in laws for cybersecurity professionals.

"With the security landscape rapidly evolving and becoming increasingly complex, more often than not the attackers hold the advantage. This means security leaders must adopt a fresh approach to security that revolves around detection and response, while moving away from prevention-first strategies," concludes Veale. "This new approach to security can create the right conditions for effective cyber-risk management but in order for the wider security industry to embrace this pro-active culture, there needs to be greater communication and consultation amongst both the board and regulators to ensure all parties are reading from the same script."

About the research

To download Vectra's Security Leaders Research Report, please click here.

You can read more in our blog "New Research uncovers how top security teams detect cyberthreats" here.

About Vectra

Vectra^® is the leader in threat detection and response ? from cloud and data center workloads to user and IoT devices. Its Cognito^® platform accelerates threat detection and investigation using AI to enrich network metadata it collects and stores with the right context to detect, hunt and investigate known and unknown threats in real time. Vectra offers four applications on the Cognito platform to address high-priority use cases. Stream^tm sends security-enriched metadata to data lakes and SIEMs. Recall^tm is a cloud-based application to store and investigate threats in enriched metadata. Detect^tm uses AI to reveal and prioritise hidden and unknown attackers at speed. And Detect for Azure Active Directory and Microsoft 365 finds and stops attacks in enterprise SaaS applications and the Microsoft 365 ecosystem. For more information, visitvectra.ai.

Media Contact:
Allison Arvanitis
Lumina Communications for Vectra
[email protected]

SOURCE Vectra