Cybersecurity Is More Difficult Than 2 Years Ago

Researchers at ESG have published a new research report titled Cybersecurity Analytics and Operations in Transition, based on a survey of 412 cyber-security and IT professionals working at large mid-market (i.e. 500 to 999 employees) and enterprise (i.e. more than 1,000 employees) organisations in North America and Western Europe.

27 percent of survey respondents say cyber-security analytics and operations is much more difficult than two years ago, while another 45 percent say cyber-security analytics and operations is somewhat more difficult today than two years ago.

Why cyber-security operations are more difficult

All told, 72 percent of cyber-security and IT professionals believe cyber-security analytics and operations is more difficult in 2017 than in 2015.

Why is this the case?

The top reasons making things more difficult include:

•    The threat landscape. Survey respondents admit that it has become extremely difficult to keep up with the volume, sophistication and dynamic nature of cyber threats. In many cases, cybersecurity teams don’t have the right skills to monitor and proactively respond to changing threats, which gives the bad guys a distinct advantage.

•    Changing regulatory compliance demands. A constant stream of regulatory compliance mandates perpetually increases the workload on the security operations center (SOC) staff. With regulations like those from the New York State Department of Financial Services and the General Data Protection Regulation (GDPR) in Europe, regulatory rules and changes aren’t going to get any easier either.

•    The growing volume of security alerts. Organisations are adding new tools for threat detection, but this only increases daily security alert storms. Security analysts are then called upon to triage, investigate and prioritise these alerts. But in reality, all they can do is cherry-pick and focus on obvious security incidents. This means more difficult and stealthy attacks tend to go unnoticed.

•    Gaps in security monitoring. To me, this one is pretty frightening. Cyber-security professionals admit there are systems, network segments, applications, devices, etc. that fall outside the scope of their security monitoring tools and processes.
 
Cyber-security analytics and operations suffer from "death by a thousand cuts." CISOs often face organisational, process and technology problems that keep getting worse.

CSO Online:
