Cybersecurity professionals admit it takes too long and costs too much to detect and respond to security incidents.
After a week away from all things cybersecurity, I’m back at work and focusing on security analytics and operations again. Alarmingly, most organizations readily admit to problems in this area. For example, a recent ESG research survey of 412 cybersecurity and IT professionals identified some of the biggest security analytics and operations challenges. Some of the survey results:
- 30% of respondents say their biggest cybersecurity operations challenge is the total cost of operations (TCO). What does this mean? Based upon my qualitative interviews with CISOs as part of this project, many organizations are spending lots of money on security operations but attaining marginal results. CISOs are willing to invest more but want to see vast improvements in security operations efficacy and efficiency for their money.
- 27% of respondents say their biggest cybersecurity operations challenge is that the SOC team spends most of its time on high-priority/emergency issues and not enough time on strategy and process improvement. Imagine the work environment at these organizations — constant firefighting, high stress, employee burnout, and staff attrition. This alarming situation is not exactly a recipe for success.
- 23% of respondents say their biggest cybersecurity operations challenge is that it takes too long to remediate security incidents. Many of these firms have too many manual processes or a rocky relationship between security and IT operations teams. Either way, lengthy remediation cycles leave organizations at risk.
- 21% of respondents say their biggest cybersecurity operations challenge is that their organization does not have the tools and processes in place to operationalize threat intelligence, making it difficult to compare on-premises security issues with what’s happening “in the wild.” Operationalizing threat intelligence remains a difficult task, requiring advanced skills and the right tools. This is one reason why threat intelligence platforms (TIPs) and managed services are gaining traction.
- 21% of respondents say their biggest cybersecurity operations challenge is that their organization doesn’t have the appropriate skills or staff size to keep up with all the tasks associated with security analytics and operations. Ah, the global cybersecurity skills shortage rears its ugly head yet again. Little wonder then why security services revenue is growing twice as fast as security product revenue.
- 21% of respondents say their biggest cybersecurity operations challenge is that their organization has added new network hosts, applications and/or users, so it is difficult for the cybersecurity team to keep up with the scale of IT infrastructure. In this case, IT and cybersecurity priorities remain out of sync. Here’s one of Oltsik’s laws: When you ask the cybersecurity staff to play catch up, it never, ever actually catches up.
- 21% of respondents say their biggest cybersecurity operations challenge is that security alerts don’t provide enough context or fidelity, so it’s difficult to know what to do with them. This is one reason why the industry is gaga over automation/orchestration tools, as they can help combine, enrich and contextualize the increasing flood of prosaic security alerts.
As the ESG research indicates, when it comes to cybersecurity operations, many organizations suffer from “death by a thousand cuts” syndrome with multiple issues across people, processes and technologies. Given that, CISOs should think in terms of three-year strategic security operations planning rather than adding the latest next-generation security tool and only exacerbating operational inefficiencies.