Cybersecurity Is More Difficult Than 2 Years Ago
Researchers at ESG have published a new research report titled, Cybersecurity Analytics and Operations in Transition, based on a survey of 412 cyber-security and IT professionals working at large mid-market (i.e. 500 to 999 employees) and enterprise (i.e. more than 1,000 employees) organisations in North America and Western Europe.
27 percent of survey respondents say cyber-security analytics and operations is much more difficult than two years ago, while another 45 percent say cyber-security analytics and operations is somewhat more difficult today than two years ago.
Why cyber-security operations are more difficult
All-told, 72 percent of cyber-security and IT professionals believe cyber-security analytics and operations is more difficult in 2017 than 2015.
Why is this the case?
The top reasons making things more difficult include:
• The threat landscape. Survey respondents admit that it has become extremely difficult to keep up with the volume, sophistication and dynamic nature of cyber threats. In many cases, cybersecurity teams don’t have the right skills to monitor and proactively respond to changing threats, which gives the bad guys a distinct advantage.
• Changing regulatory compliance demands. A constant stream of regulatory compliance mandates perpetually increases the workload on the security operations center (SOC) staff. With regulations like the New York State department of financial services and the general data protection regulation (GDPR) in Europe, regulatory rules and changes aren’t going to get any easier either.
• The growing volume of security alerts. Organisations are adding new tools for threat detection, but this only increases daily security alert storms. Security analysts are then called upon to triage, investigation and prioritise these alerts. But in reality, all they can do is cherry pick and focus on obvious security incidents. This means more difficult and stealthy attacks tend to go unnoticed.
• Gaps in security monitoring. To me, this one is pretty frightening. Cyber-security professionals admit there are systems, network segments, applications, devices, etc. that fall outside the scope of their security monitoring tools and processes.
Cyber-security analytics and operations suffer from "death by a thousand cuts." CISOs often face organisational, process and technology problems that keep getting worse.
You Might Also Read: