10 SIEM Threats To Be Aware Of

By Phoebe Fasulo

Posted on Jan 20, 2021

Stolen credentials, insider threats, cloud security—these are just some of the things that keep security professionals awake at night. With so many threat vectors to keep track of, it can be difficult to know which issues to prioritize. To make it easier, we made a list of 10 Security Information and Event Management (SIEM) threats to track, along with statistics that provide context around these important security concerns.

1. Breach Likelihood

IronNet research suggests that many organizations may have a false sense of (cyber)security:

• 55% of IT decision makers feel confident that their cybersecurity capabilities are as or more advanced than others in their industry.
• In a 12-month span, respondents experienced, on average, 4 attacks on their organization, with 20% being hit 6 or more times.
• 80% said they experienced at least one cybersecurity incident over the last 12 months that was so severe, it required a board-level meeting.

2. Cost of a Breach

The impact of a data breach can go well beyond direct costs such as customer notification and legal or regulatory penalties:

• Willis Towers Watson and ESI ThoughtLab found that enterprises lose an average of $4.7 million to cybercriminals annually.
• Deloitte research shows that hidden costs can rack up for years following a cyberattack in the form of damage to brand and consumer confidence, as well as debt financing.
• 10 percent lose more than $10 million. (Willis Towers Watson)

3. External Threats

Whether hackers use brute force or exploit vulnerabilities, most breaches are driven by theft of credentials. According to Verizon:

• More than half of the 2,013 confirmed data breaches investigated in 2018 were caused by external hacking.
• Over 80% of hacking-related breaches involved brute force or the use of lost or stolen credentials.
• 33% of these external attacks included a social media vector, and 28% involved malware.

4. False Positives

False positives aren’t just a waste of time; they also diminish the accuracy of cybersecurity tools and worsen the impact of a breach by increasing attacker dwell time:

• Cybersecurity teams must address around 4,000 cybersecurity alerts per week. (Exabeam)
• The same report found that cybersecurity professionals spend 29% of their time chasing false positives.

5. Phishing

In order to gain access to a network, cyber attackers prefer the path of least resistance, which in many cases is to obtain stolen credentials via phishing campaigns:

• More than half reported sustaining at least one successful phishing attack in 2019. (Proofpoint)
• Social actions arrived via email 96% of the time, and through a website in 3% of cases. (Verizon)

6. Malware

Despite anti-malware measures, attacks are on the rise, resulting in business disruption:

• Mimecast found that 51% of organizations experienced a ransomware attack that led to at least a partial disruption of business operations.
• More than nine out of ten malware infections were delivered to victims via email. (Verizon)

7. IoT

Many security leaders struggle with a lack of visibility into IoT devices and corresponding security controls:

• One in five respondents to a Panaseer survey indicated that IoT devices were the assets they had the least visibility into.

According to IronNet, respondents reported facing issues with each of the following:

• Lack of real-time visibility across industrial control systems and IoT (27%).
• Lack of timely threat intelligence information (25%).
• Too many cybersecurity tools and poor integration between them (24%).

8. Encryption

While the use of encryption is trending upward, many organizations are still behind the curve, especially when it comes to securing data within the cloud:

• Less than half of companies have a consistent encryption plan implemented across the entire enterprise. (Ponemon)
• 58% say their organization transfers sensitive or confidential data to the cloud whether or not it is encrypted. (Ponemon)
• Cloud assets were involved in about 24% of breaches this year. (Verizon)

9. Incident Response

As infosec teams continually respond to a high volume of cyber incidents, many organizations still suffer from training gaps and improper resource allocation. Research from a 2019 BAE Systems report found that:

• 66% of enterprises responded to between 1 and 25 cybersecurity incidents per month, while 26% faced between 25 and 99 incidents.
• 22% of respondents only have temporary or no incident response resources.
• 23% of incident response teams don’t conduct readiness exercises with their senior management.

10. Insider Threats

While awareness surrounding insider threats is growing, the actions of a compromised or malicious insider can still be difficult to differentiate from normal behavior:

• 53% of companies found over 1,000 sensitive files to be exposed to all employees. On average, employees had access to over 17 million files. (Varonis)

According to Verizon:

• Three of the top five causes of security breaches were related to an insider threat.
• In 42% of cases, insider threats go undetected for months, and in 38% of cases, years.
• More than a third of breaches in 2018 involved an internal actor, with 39% involving organized crime groups.

How SecurityScorecard Can Help

While SIEM solutions help security teams aggregate threat data and analyze behavior, the data they provide doesn’t necessarily drive issue resolution. SecurityScorecard provides comprehensive visibility of your network and system vulnerabilities from a hacker’s perspective, as well as the most critical and common risks for your organization, enabling you to drill down and prioritize remediation.
