1 in 3 security breaches go undetected

Surface-level confidence around hybrid cloud security is high, with 94% of IT and security leaders across six markets saying their security tools and processes provide them with complete visibility and insights into their IT infrastructure, according to research from Gigamon.

However, nearly one-third of security breaches aren’t spotted by IT and security professionals.

Vitreous World adopted an online methodology and surveyed 1,020 respondents across the United Kingdom, France, Germany, the United States, Australia, and Singapore (160 respondents).

Among respondents, 93% predict cloud security attacks are only going to increase, and 90% had experienced a breach in the last 18 months. 

The issue is that 31% of breaches are being identified later down the line, rather than preemptively using security and observability tools – either by data appearing on the dark web, files becoming inaccessible, or users experiencing slow application performance (likely due to DoS or inflight exfiltration). This number rises to 48% in the US, and 52% in Australia.

On the other hand, 96% of IT and Security leaders around the world believe cloud security is everyone’s responsibility, and almost all (99%) see CloudOps and SecOps working towards a common goal. 

Yet, there is still more to be done, while CloudOps seems to be leading on strategy, 99% of respondents claim a lack of a security-first culture means vulnerability detection is often siloed to the SecOps team.

The Gigamon report also identified that the key stressors for IT and security leaders in 2023 aren’t what many may have anticipated. It is unexpected blind spots (56%), legislation (34%) and attack complexity (32%) that keep CISOs and other IT leaders up at night, while a lack of cyber investment is only worrying 14% of global respondents, along with just 20% who were concerned about the ongoing skills gap. 

Only 19% claim effective security education for staff is a crucial factor for gaining confidence on IT infrastructure security. 

Respondents from France and Germany are slightly more concerned about skills, with 23% and 25% respectively stating they need access to skilled people in the cloud. 

Instead, legislation is a growing worry on a global scale, and is a particular issue for the UK and Australia — 41% in the UK and 59% in Australia see change in cyber laws and compliance as a key concern.

Survey respondents generally acknowledged blind spots across their hybrid cloud infrastructure — 70% lack visibility into encrypted data, a number that rises to 79% in Germany.

Also, 35% had limited insights into containers, which increases to 38% in France and 43% in Singapore.

Just under half (48%) had insights into laterally moving data, although the US leads the market here with 64% achieving East-West visibility.

Yet despite flagging blind spots as their leading stressor, one third of CISOs and 50% of other IT and Security leaders admit they lack confidence in knowing where their most sensitive data is stored and how it is secured.

“These findings highlight a trend of critical gaps in visibility from on-premises to cloud, the danger of which is seemingly misunderstood by IT and Security leaders around the world,” said Ian Farquhar, security CTO at Gigamon. 

“Many don’t recognize these blind spots as a threat, yet East-West traffic – laterally moving data – and encrypted traffic can be incredibly dangerous in the hybrid cloud world,” said Farquhar.