Attacks on Rise, Incident Response Tougher

Thursday, March 17, 2016 @ 03:03 PM gHale


Incident response (IR) for security professionals has become more difficult because of an increasing number of IT initiatives and security alerts, a new study found.

Over 66 percent of respondents said it has become difficult for enterprises to handle incident response over the past two years.

The main factors behind that assessment were the rise in IT initiatives, additional security management and incident detection technologies, more security alerts, and increased difficulty in prioritizing them. A quarter of respondents also attributed this trend to the specialized skills needed for incident response.

The research, conducted earlier this year by security automation and orchestration company Phantom and IT analyst and business strategy firm Enterprise Strategy Group (ESG), is based on a survey of 125 IT and security professionals involved in incident response processes and technologies.

The study found 74 percent of large enterprises regularly ignore security alerts as they seek to prioritize investigations and manage their security team’s workload. On top of that, 31 percent said they ignored at least half of all security alerts because of the large volume.

The biggest challenges involving incident response are monitoring IR processes from end to end, keeping up with the high volume of security alerts and external threat intelligence, the lack of integration of IR tools, maintaining the required skills, the skill gap between junior and senior incident responders, and coordination between IT and security teams.

Executives seem to be aware of the risks posed by incident response issues, with 80 percent stating they plan on increasing IR spending over the next two years. A majority of organizations have already started automating and orchestrating incident response processes, or at least they have shown interest in doing so.

The IR strategies outlined by executives include providing specialized training to IT and security staff, automating IR tasks as much as possible, and hiring more personnel.

Respondents said IR automation and orchestration could help automate simple remediation tasks, formalize workflows, and lead to improved integration of security tools.

The respondents to this study are from North American companies with 1,000 to more than 20,000 employees, in sectors such as manufacturing, financial services, communications and media, business services, and retail/wholesale.
