Mandiant report – critical security decisions still being made without insight into attackers

A report by global cyber security giant Mandiant – recently acquired by Google – has shed light on the fact that the majority of business decisions regarding cyber security are still being made without any real insight into WHO the attacker might be.

Further to this, the report finds that while nearly all respondents are satisfied with the quality of their threat intelligence, nearly half struggle with effectively applying it.

Specific to Australia, the research suggests that 69% of Australian security professionals feel their board still underestimates the threat of cyber-attacks, despite 22 percent of Australian respondents reporting a major security breach in the past 12 months.

The average cyber threat intelligence team in an Australian large enterprise has 13 employees – of which an overwhelming 98% feel that their organisation needs to be faster when responding to new threats. Despite this, all respondents in Australia report that they are either ‘very satisfied’ or ‘satisfied’ with the quality of their threat intelligence.

The disparity between senior leadership teams and the board they report to seems to suggest that board members feel a false sense of security about cyber threats and intelligence.

Of the factors that limit a successful cyber program, the ability to effectively apply threat intel across the organisation ranks first in Australia at 54%, followed closely by lack of talent at 49%.

Seven percent of Australian organisations are primarily concerned about the growing threats posed by rogue nation-states. Compared to threats posed by ‘hacktivists’ and financially motivated attacks, fewer Australian companies feel that they are fully prepared to combat an espionage-style attack by a rogue nation (68%).

Of the countries deemed likely to perform espionage-style activities, Russia tops the list of concern for Australian companies with 47% of respondents citing that they feel less likely to be able to defend themselves from an attack by Russian operatives, closely followed by North Korea at 45%.

The report – titled “Global Perspectives on Threat Intelligence” is based on a global survey of 1,350 cyber security decision makers across 13 countries and 18 sectors – including financial services, healthcare and government.

According to the survey, 67% of cyber security decision makers globally believe senior leadership teams still underestimate the cyber threat posed to their organisations, while more than two-thirds (68%) agree their organisation needs to improve its understanding of the threat landscape.

However, despite these concerns, security decision makers remain optimistic regarding the effectiveness of their cyber defences. When asked about confidence in whether their organisation is fully prepared to defend itself against different cyber security events, respondents felt most confident in tackling financially motivated threats, such as ransomware (91%), followed by those conducted by a hacktivist actor (89%) and nation-state actor (83%).

Sandra Joyce, Vice President, Mandiant Intelligence at Google Cloud comments:

“A conventional, check-the-box mindset isn’t enough to defend against today’s well-resourced and dynamic adversaries. Security teams are outwardly confident, but often struggle to keep pace with the rapidly changing threat landscape. They crave actionable information that can be applied throughout their organisation. As our ‘Global Perspectives on Threat Intelligence’ report demonstrates, security teams are concerned that senior leaders don’t fully grasp the nature of the threat. This means that critical cyber security decisions are being made without insights into the adversary and their tactics.”

Read the full report here: