Security Sinks with Attack Volume: Report

Monday, June 5, 2017 @ 10:06 AM gHale


Organizations are constantly under attack and struggling to keep up and they often run time-consuming security investigations and fail to effectively protect themselves.

On top of that, 47 percent of security teams gather enough information about those incidents to enable appropriate or decisive action, according to an IDC survey of 600 senior security professionals from the U.S. and Europe.

RELATED STORIES
Half of Companies Don’t Have Security Insurance
App Hole Exposes Millions of Records
Android Faces New Type of Attacks
Fingerprint Support for Authenticator App

Firms experience an average of 40 actionable incidents per week, but only 27 percent think they are coping comfortably with this workload, and a third describe themselves as “struggling” or “constantly firefighting.”

In addition, 53 percent of respondents said the biggest limitation to improving security capabilities was resources are too busy on routine operations and incident investigation.

“The amount of time companies are spending on analyzing and assessing incidents is a huge problem,” said Duncan Brown, associate vice president, security practice, IDC.

“The highest-paid, most skilled staff are being tied up, impacting the cost and efficiency of security operations. This is exacerbated when considered alongside the security skills shortage, which has most impact in high-value areas like incident investigation and response,” Brown said. “Organizations must ensure that they are using their data effectively to gain key insights quickly to determine cause and minimize impact.”

Key findings from the report include:
• 62 percent of firms are being attacked at least weekly, with 30 percent attacked daily and 10 percent hourly or continuously.
• 45 percent are experiencing a rise in the number of security threats.
• Organizations experience an average of 40 actionable security alerts per week, with this number rising to 77 for finance and 124 for telco.
• Top triggers to report a security incident to the board were sensitive data breach (66 percent), compromised customer data (57 percent), and a mandated notification to a regulator (52 percent). Only 35 percent of firms have breach reporting to the board built into their defined incident response processes.

“It’s time to change how we approach incident response,” said Haiyan Song, senior vice president, security markets, Splunk, which sponsored the survey. “As attacks become more advanced, frequent, and take advantage of IT complexity, we must become proactive in our approach to security – how else will we know we have been breached? As demonstrated by the swift, global spread of WannaCry, it has never been more important for organizations to proactively monitor, analyze and investigate to verify whether there are real threats, then prioritize and remediate the most critical. By taking an analytics-driven approach, and increasingly automating when possible, security teams can shorten investigation cycles, respond quickly and appropriately in the event of a compromise, free up resources to focus on more strategic initiatives and ultimately improve security posture.”

Click here to register to download the report.



Leave a Reply

You must be logged in to post a comment.