Securing the modern enterprise means doing more with less

OpenText Security Cloud Team

October 31, 2019 4 minutes read

Over the last few years, the enterprise security landscape has drastically changed. According to Accenture, there are over 130 large-scale, targeted breaches in the U.S. per year, and that number is growing by 27 percent every year. Likewise, Cisco reports that 31% of organizations have experienced cyberattacks on operational technology infrastructure.

Amidst these ever-increasing cyber risks, security teams are also faced with other challenges that impede their ability to quickly and accurately respond to security threats. Recently, the SANS Institute – the most trusted and largest source of information security training in the world – conducted a survey to explore the incident response (IR) challenges facing security professionals today, to identify weak spots and provide best practices for improving IR functions and capabilities. Here are some of the results.

The skills gap

The 2019 Incident Response (IR) Survey found that the biggest challenge facing security professionals is a lack of resources. In fact, 56.8% of respondents reported that their top impediment to effective incident response was a shortage of staffing and skills. This problem has been plaguing the industry for a while but has failed to gain attention and, in turn, downstream capital outside of the security operations center (SOC). And the problem only seems to be getting worse. In fact, the security industry is currently facing negative unemployment – meaning that organizations can’t find candidates with the skills and experience they need to manage their enterprise security.

To fill this gap, many security teams are bringing in employees from other areas of the organization – such as IT – and training them on cybersecurity issues and the technologies the SOC uses.

Despite these workarounds, security teams continue to be seriously understaffed. According to the survey, the average IR team has only 2-5 members, and 77.3% of IR teams have five members or fewer. This includes surge times, meaning that most organizations aren’t putting enough people behind the problem.

Budget challenges and automation

The second major problem facing security teams today is a lack of budget, which indicates that security may still not be taken seriously by the C-suite. With even a generous Information Security budget amounting to a mere 10 percent or less of the overall IT budget, which is itself a fraction of the overall enterprise budget, CISOs are frequently last in line when it comes to acquiring resources that enable their cause.

And yet, the Information Security group is ultimately responsible for defensively protecting organizational intellectual property, sensitive customer and employee data, managing compliance and, where applicable, the demands of regulators. Budgets should skew towards becoming more substantive and needed resources should be made more available given the tangible revenue implications tied to the charter of a security leader. Because security teams are revenue-defending and fight to avoid losses and theft rather than generate net-new revenue for the enterprise, the push will always be an uphill battle.

In addition to these challenges, many security professionals are struggling with IR due to manual workflows and processes. The survey results show that 52.8% of organizations continue to manually “reimage or restore compromised machines from a gold baseline”. Manual workflows are a bottleneck for security effectiveness, but automation and integration help, especially when it comes to endpoint detection and response (EDR).

It’s time for a change: Fearless Response with EnCase

Security teams are being tasked with doing more with less – and technology needs to make up the difference. This is where OpenText comes in.

Perimeter security technologies can, and often do, fail to prevent 100% of digital compromises, and a shift to early threat discovery and awareness paired with powerful response is the way forward for savvy security leaders managing today’s threat climate.

With OpenText EnCase™ Endpoint Security, CISOs can maximize the contributions of internal security experts as well as empower junior analysts, making the most of every member of the team. EnCase reduces alert fatigue and analyst burn-out with continuous monitoring, targeted detection, alert triage and rapid response.

Amidst the skills shortage and the increase in cyber threats, OpenText EnCase Endpoint Security enables you to confidently and comprehensively remediate any threat – commodity or advanced – with fearless response.

Learn more

Learn more about incident response by reading the survey, SANS 2019 Incident Response Survey: It’s Time for a Change.

You can also join me at Enfuse to learn how to meet the changing needs of the enterprise security landscape. And stay tuned for my future blog posts where I’ll dive deeper into the skills gap in the industry and the need for continuous endpoint visibility.
