Hackers Take the Lead in the Race with Security Experts

“Hackers Versus Enterprise Security: A Survey of IT Security Professionals,” shows that cybercriminals are starting to take the lead in their battle for supremacy with security professionals.

The paper is a result of the collaboration between RedSeal Systems and Dimensional Research in the effort of determining the size of the gap between an organization's ability to defend its networks and the ability of hackers to penetrate their protection measures.

Out of the almost 2000 IT professionals present at a conference, 75% believe that hackers have an upper hand in this modern war as they can easily deploy automated mechanisms that can evade the security implemented by an enterprise.

“Consistent application of network security controls across even medium sized networks has transcended human ability,” Dr. Mike Lloyd, Chief Technology Officer at RedSeal stated.

“For many years there’s been the notion of an arms race between IT security professionals and attackers; what this survey proves is that the good guys understand they’re facing a truly daunting task to keep up.”

The numbers show 71% of the respondents admitting to the fact that most of the weak points in their infrastructures are caused by a lack of proper configuration in their security devices.

Half of them don't even keep track of the internal hosts that are exposed to an attack originating from the internet, while most of them conceding that the large number of machines that form an organization network is one of the main factors which prevent them from maintaining a decent level of defence.

Security effectiveness measuring tools seem to be another issue, as almost half of them don't believe these measures are effective, if even possible.

“More surprising than the overwhelming perception among today’s professionals that hackers have the upper hand, based on attack automation and gaps in enterprise defense, is that so few have access to metrics that demonstrate how well security infrastructure is working,” revealed David Gehringer, Senior Research Analyst for Dimensional Research.

“The numbers bear out that there’s genuine concern among practitioners that they lack the tools and information needed to stop the threats that their organizations face.”