A global survey of more than 1,033 security and IT leaders published today finds nearly two-thirds (65%) lack confidence that their existing security tooling cannot effectively detect breaches.

Conducted by the market research firm Vitreous World on behalf of Gigamon, a network and security management platform provider, the survey also a little more than half (54%) feel their organization is strongly prepared to respond to unauthorized access to their hybrid cloud environments.

Cybersecurity Teams Struggle to Secure IT Environments

Chaim Mazal, chief security officer for Gigamon, said the survey results make it clear IT and their cybersecurity colleagues are struggling to secure IT environments that continue to become more complex.

The survey finds three-quarters of respondents (75%) agree that East-West (lateral) visibility is more important to cloud security than North-South visibility. However, only 40% said they have visibility into East-West traffic. In effect, many organizations are unable to track interactions with their IT environments beyond the point of initial access, noted Mazal.

Nearly two-thirds (64%) also expect that implementing zero-trust policies will become a mandate within the next two years. A full 80% said zero-trust is one of their key priorities over the next 18 months. However, more than three-quarters (76%) also implicitly trust encrypted traffic even though 59% admit they struggle to identify encrypted threats, the survey also notes.

More troubling still, only a quarter (25%) can remediate a live threat following a breach. Just under a third (31%) admit they can only detect a recent breach once they received an extortion threat from the adversary. An equal percentage only became aware of the breach when proprietary information leaked onto the dark web.

A quarter (25%) also admit they ultimately failed to determine the root cause of the breach, the survey finds.

Not surprisingly, a full 80% said achieving unified visibility into hybrid cloud infrastructure is key to preventing attacks, with an equal percentage noting that deep observability is now a board-level priority.

A full 95% said their organization is planning to address visibility gaps. However, budgets are split, with money being spent on security automation and AI (54%), investing in new tools (53%) and tool consolidation/optimization (52%). A total of 87% continue to invest in tools even though 69% report being overwhelmed by tool sprawl.

Unfortunately, the state of cybersecurity may deteriorate further in the age of artificial intelligence (AI). A full 82% of respondents said AI will increase the global ransomware threat. AI is, in effect, a force multiplier that will be used by defenders and adversaries alike, noted Mazal. The issue is to what degree will one side or the other benefit from those advances soonest, he added. If cybersecurity teams are to have a fighting chance, they need to be able to aggregate data in a way that can be used to train AI models, Mazal noted.

Each organization will need to decide how best to allocate limited budgets, but the one thing that is clear is the size of the attack surface that needs to be defined is only going to increase. The challenge is even with the aid of AI there still may not be enough expertise to defend endpoints that once compromised too often still provide almost unfettered access to entire IT environments.