Over the last few years, the enterprise security landscape has drastically changed. According to Accenture, there are over 130 large-scale, targeted breaches in the U.S. per year, and that number is growing by 27 percent every year. Likewise, Cisco reports that 31% of organizations have experienced cyberattacks on operational technology infrastructure.
Amidst these ever-increasing cyber risks, security teams are also faced with other challenges that impede their ability to quickly and accurately respond to security threats. Recently, the SANS Institute – the most trusted and largest source of information security training in the world – conducted a survey to explore the incident response (IR) challenges facing security professionals today, to identify weak spots and provide best practices for improving IR functions and capabilities. Here are some of the results.
The skills gap
The 2019 Incident Response (IR) Survey found that the biggest challenge facing security professionals is a lack of resources. In fact, 56.8% of respondents reported that their top impediment to effective incident response was a shortage of staffing and skills. This problem has been plaguing the industry for a while but has failed to gain attention and, in turn, downstream capital outside of the security operations center (SOC). And the problem only seems to be getting worse. In fact, the security industry is currently facing negative unemployment – meaning that organizations can’t find candidates with the skills and experience they need to manage their enterprise security.
To fill this gap, many security teams are bringing in employees from other areas of the organization – such as IT – and training them on cybersecurity issues and the technologies the SOC uses.
Despite these workarounds, security teams continue to be seriously understaffed. According to the survey, the average IR team has only 2-5 members, and 77.3% of IR teams have five members or fewer. This holds even during surge times, meaning that most organizations aren’t putting enough staff behind the problem.
Budget challenges and automation
The second major problem facing security teams today is a lack of budget, which indicates that security may still not be taken seriously by the C-suite. Even a generously funded information security team receives a mere 10 percent or less of the overall IT budget, which is itself a fraction of the overall enterprise budget, so CISOs are frequently last in line when it comes to acquiring the resources that enable their cause.
And yet, the information security group is ultimately responsible for protecting organizational intellectual property and sensitive customer and employee data, managing compliance and, where applicable, meeting the demands of regulators. Budgets should grow more substantial and the needed resources should be made more available, given the tangible revenue implications tied to the charter of a security leader. Because security teams defend revenue and fight to avoid losses and theft rather than generate net-new revenue for the enterprise, the push will always be an uphill battle.
In addition to these challenges, many security professionals are struggling with IR due to manual workflows and processes. The survey results show that 52.8% of organizations continue to manually “reimage or restore compromised machines from a gold baseline”. Manual workflows are a bottleneck for security effectiveness, but automation and integration help – especially when it comes to endpoint detection and response (EDR).
It’s time for a change: Fearless Response with EnCase
Security teams are being tasked with doing more with less – and technology needs to make up the difference. This is where OpenText comes in.
Perimeter security technologies can, and often do, fail to prevent 100% of digital compromises, so a shift to early threat discovery and awareness, paired with powerful response, is the way forward for savvy security leaders managing today’s threat climate.
With OpenText EnCase™ Endpoint Security, CISOs can maximize the contributions of internal security experts as well as empower junior analysts, making the most of every member of the team. EnCase reduces alert fatigue and analyst burnout with continuous monitoring, targeted detection, alert triage and rapid response.
Amidst the skills shortage and the increase in cyber threats, OpenText EnCase Endpoint Security enables you to confidently and comprehensively remediate any threat – commodity or advanced – with fearless response.
Learn more about incident response by reading the survey, SANS 2019 Incident Response Survey: It’s Time for a Change.
You can also join me at Enfuse to learn how to meet the changing needs of the enterprise security landscape. And stay tuned for my future blog posts where I’ll dive deeper into the skills gap in the industry and the need for continuous endpoint visibility.