1 out of 3 breaches go undetected

Organizations continue to struggle in detecting breaches as they become more targeted and sophisticated, with more than 1 out of 3 organizations citing their existing security tools were unable to detect breaches when they occur, according to Gigamon.

As hybrid cloud environments grow in complexity and bad actors launch a barrage of unseen attacks, 65% of respondents believe that their existing solutions cannot effectively detect breaches.

Organizations struggle in detecting breaches

Security and IT leaders are at a crucial juncture. 83% of respondents believe that cloud complexity is increasing their cyber risk, and the spectre of AI-powered attacks looms globally. 8 out of 10 respondents predict that AI will increase the global ransomware threat. And yet, despite global information security spending projected to reach $215 billion in 2024, only 54% of organizations feel “strongly prepared” to respond to unauthorised access in hybrid cloud environments.

Survey respondents generally acknowledge weaknesses in their threat detection tools. Just 1 out of 4 were able to remediate a live threat in a recent breach – while this rises to 30% in Germany, it falls to just one-fifth in Australia and Singapore.

31% of organizations only detected a recent breach when they received an extortion threat from the adversary. 31% became aware only once proprietary information leaked onto the dark web. This is much lower in France and the UK (around 1 in 5) but hits a concerning 42% among Australian respondents.

25% of respondents failed to determine the root of the breach, increasing to one-third of Australian, Singaporean, and US respondents.

Complex hybrid cloud infrastructure contributes to organizations’ lack of control. Despite 85% describing cloud security as a boardroom priority, hybrid cloud visibility continues to be an issue.

Three-quarters of respondents agree that East-West (lateral) visibility is more important to cloud security than North-South, yet just 40% have visibility into East-West traffic, down from 48% in 2023. Lateral visibility is lowest in the UK (30%), while almost half report visibility in Australia and Singapore.

Encryption poses another serious blind spot

Despite researchers suggesting that 93% of malware attacks hide in encrypted traffic, a shocking 76% of Gigamon respondents currently trust that encrypted traffic is secure.

When breaches are missed, tool strategies are firmly in the spotlight. 80% agree that achieving unified visibility into hybrid cloud infrastructure – delivering network-derived intelligence to log-based security tooling – is key to preventing attacks.

6 out of 10 believe that greater visibility into all data in motion will empower them to securely deploy AI technology. As a result, 80% agree that deep observability is a board-level priority. While Germany shows the lowest board-level awareness at 72%, 89% of boards in the US are discussing the topic.

“Cyber risk is firmly in the spotlight this year, with governments and boardrooms finally recognising its place at the very top of the business risk register. And yet cybercriminals are evading detection over a third of the time,” commented Mark Jow, EMEA Technical Evangelist at Gigamon.

“Today’s MELT- based (Metrics, Events, Logs, and Traces) approaches are no longer enough, as organizations need 360-degree visibility across the hybrid cloud. Whether organizations are fending off AI-powered attacks, integrating AI-powered solutions into hybrid cloud environments, or seeking to establish zero trust, deep observability is fundamental to success,” added Jow.

CISOs bear the brunt

The survey results highlight that CISOs continue to bear the burden of regulatory and technological pressures, with 59% reporting that they would be most empowered by cyber risk becoming a board priority.

Some 69% report they struggle to detect encrypted threats, compared to 59% of the total respondents, and an alarming 7 out of 10 of CISOs believe their tools aren’t as effective as they could be in detecting breaches. Detection is not their only concern: three-quarters of CISOs report their security teams being overwhelmed by sprawling tool stacks, 11% higher than their C-Suite colleagues.

“It is clear for CISOs that organizations’ tool stacks are falling short,” said Chaim Mazal, CSO at Gigamon. Security leaders are under pressure from governments to reduce cyber risk. But without real-time, network-derived intelligence and insights into all data in motion, including East-West and encrypted traffic, bad actors will continue to wreak havoc, now with AI accelerating their efforts.”

The data is based on findings of an online survey of 1,033 global respondents.