By Sanjay Raja, Gurucul
Recently at the RSA Conference, we (Gurucul) conducted a survey to discover what the attendees felt were the biggest threats to their security operations. We wanted to better understand the key challenges when detecting new and emerging threats, how long it takes teams to detect these threats, where the biggest threats emanate from, and more. Let’s dive into the results.
When asked about the biggest challenge in detecting new and emerging threats, only 9% of respondents felt they lacked effective tools. Surprisingly, 43% said that having too many disparate tools that need to be checked manually is impacting their ability to effectively identify threats. Although organizations might feel that adding more tools to the security mix would create a more secure environment, this survey of security professionals shows it may reduce their overall cybersecurity posture. In addition to an overabundance of tools, 19% reported feeling overwhelmed by the number of unprioritized alerts and 11% reported having a lack of security talent. The outputs of all these tools do not seem to be accurate or focused enough to help security professionals do their jobs better.
When asked how long it takes for teams to remediate threats, 33% said it still takes them days and weeks to detect threats, with 6% saying they are still unable to detect threats at all. With the tools and managed services available today, no organization should be in a position where they are unable to detect threats that could seriously affect their business.
So, where do threats come from? Over 70% of respondents saw their biggest cybersecurity challenges emanating from external threats such as ransomware. But the most interesting stat is that just over 25% selected insider threats, even though 98% of companies are known to be vulnerable to insider threats and those threats increased by 47% over the past two years. There seems to be a disconnect here with security pros not taking insider threats as seriously as they should.
We also wanted to understand what’s changed for the better and worse over the last two years. Most respondents agreed that both security tools (34%) and people’s awareness and knowledge (25%) have changed for the better. This could be because many organizations had to pivot quickly during the pandemic to enable business to continue as normal working practices dramatically changed. What’s gotten worse? A quarter of respondents selected the threat landscape, which is unsurprising, considering the constant evolution of threat actors and their tactics. This was followed by 23% believing that people and talent also have deteriorated.
We also felt it was important to ask attendees about the top resources they are trying to protect. The results showed that just over 40% see their business data (EPIC, O365, SAP, etc.) as their crown jewels, meaning they invest most of their spending into securing these. The second highest resource appears to be employee/customer data (29%), followed by intellectual property (17%).
The obvious next question was about spending. More than 33% of those surveyed admitted to having spent hundreds of thousands of dollars in trying to remediate threats (with 15% spending millions). This demonstrates the lengths to which organizations are willing to go to protect themselves against malicious actors, while also hinting that many of the chosen solutions potentially don’t deliver the expected results. How much of that spend do they feel has been wasted trying to remediate threats? A quarter of respondents admitted they feel they have wasted 50% of their spending on remediating threats (while 31% have wasted 25%, and 14% have wasted 75%). Clearly, some of these solutions are not meeting the real-world needs of the modern SOC.
Finally, we asked attendees what would most improve the effectiveness of their SOC. More than 28% focused on speed, stating that quickly identifying and addressing new, emerging, and unknown threats would improve the effectiveness of their SOC. Additionally, 22% acknowledged that enabling automated response would also help.
SOC teams are facing a variety of new challenges from evolving techniques to talent shortages to an overabundance of tools. Better understanding these challenges can help us all work together to ensure we’re delivering the tools and resources security professionals need to keep organizations secure.
About The Author
Sanjay Raja is VP of Products at Gurucul.