Let’s be honest, life has never been easy for operational security teams.
Even on the best day it’s a race against time to identify and resolve incidents before they cause any serious harm.
Unfortunately, things are only getting harder. As each year passes security teams face mounting pressure as their workload rises, while the consequences of making a mistake become increasingly dire.
In our opinion, here are the top five challenges facing security teams.
Industry experts have been writing about the unprecedented volume of cyber attacks for years.
Why? Because the volume of attacks just keeps going up. Even worse, the sophistication of attacks is also rising as threat groups refine their tactics to maximize profitability.
To help you understand the extent of the problem:
The result? Cybersecurity Ventures predict the global cost of cyber crime will reach $6 trillion by 2021, meaning it will have doubled since 2015.
In short, the goalposts for cyber security never stop moving, which makes it extremely difficult for operational security teams to stay ahead of cyber threats.
As if that weren’t enough, security teams are also forced to contend with business environments that are constantly shifting and evolving. New technologies like IoT, OT, cloud, and blockchain have tremendous business applications, but they also create a huge amount of work for security teams to properly secure and monitor them.
As an example, in 2017 alone attacks on IoT infrastructure rose by 600%. That’s a huge additional pressure on already-strained security teams and resources. Unsurprisingly, security teams are also rapidly acquiring new technologies. A 2018 study by Cisco found that 41% of organizations have implemented security technologies from as many as 50 different providers. As valuable as these tools are, that’s an incredible level of complexity for any team to handle.
This added complexity (which is becoming more cumbersome every year) takes its toll in the form of lost time. Just switching between windows and transferring data from one system to another can cost analysts hours each day.
What happens when workload volume and complexity consistently rises? People become overwhelmed.
In the security world we call this “alert fatigue” — Analysts are forced to handle so many alerts (many of which are false positives) that they simply cannot cope and are forced to leave many unchecked.
According to research by Imperva, the average security team receives more than 10,000 alerts per day. An incredible 27% of enterprise security teams receive more than 1 million alerts per day.
As a result, 79% of security teams feel overwhelmed by the volume of threat alerts they receive, and Cisco report that the average cyber security professional is forced to ignore nearly half of all alerts they receive. Of alerts that are triaged, 28% are deemed a legitimate threat, but only 46% of those can be remediated.
Yes, you read that correctly: More than half of identified legitimate threats are left unresolved.
Naturally, this has huge ramifications for data security. According to the IBM (formerly Ponemon) Cost of Data Breach Study, it takes an average of 197 days to identify a data breach and a further 69 days to resolve it.
Meanwhile, threat groups have no such constraints. Once a hacker has obtained a foothold inside a target network, they can often achieve compromise within just a few minutes.
As if all that weren’t enough, the consequences of missing an important security alert are getting worse by the year. New industry regulations like the GDPR and 2018 California Consumer Privacy Act are forcing security teams to work even harder by tightening requirements and drastically increasing the penalties for non-compliance.
Under the GDPR, organizations can be fined €20 million (~ $22.4 million) or 4% of annual revenues (whichever is higher) if they fail to adhere to their regulatory requirements. Uber were first to feel the “bite” of harsher legislation — albeit they had made life harder for themselves by attempting to cover the breach up — when they were fined $148 million for their 2016 data breach. This is the largest fine we’ve seen to date, but it probably won’t remain so for long.
Note that while Equifax and Facebook were both fined £500,000 (~ $640,000) by the UK regulator ICO, these figures would have been much higher if their breaches had occurred after the GDPR implementation date in May 2019. You can expect to see some truly outrageous fines being levelled at the next major company to experience a data breach.
Naturally, these harsher sanctions have caused board members in every industry to pay closer attention to security, further ramping up the pressure on operational security teams.
This is the big one. The final nail in the coffin.
(ISC)² estimate that during 2018 the cyber security skills gap reached an incredible 3 million posts. That means globally there are 3 million cyber security posts that can’t be filled because there simply aren’t enough security professionals to fill them.
Even worse, this gap is still growing. (ISC)² themselves has previously predicted a shortfall of 1.8 million by 2022, and Forrester have also repeatedly been forced to revise their estimates.
According to annual reports from ESG, the percentage of organizations struggling to fill cyber security roles has risen annually for the past five years, from 42% in 2015 to 53% in 2019.
The result: Not only are security teams under more pressure than ever before, they also can’t find personnel with the talent and experience needed to fulfil essential security functions.
If the skills gap teaches us anything, it’s that more manpower isn’t the answer to security woes. It can’t be the answer, because more manpower simply isn’t an option. So where does that leave us? Simply put, as an industry we need to use technology to reduce, simplify, and support the workload of human security professionals. At a minimum, we need to see:
Over the next two weeks we’ll take a look at what technology can do to reduce the burden on security teams, and improve security outcomes across the board.
First up: How security orchestration can help security teams save time and improve efficiency. Stay tuned.