Maturing incident response and implementing better detection tools

Incident response continues to grow increasingly complex

A vital task for the modern CISO and incident response team is deploying a bulletproof incident response plan to identify, address and overcome increasingly complex threats and attacks. But even the most solid incident response plans can lack critical details, impeding how quickly business operations are restored.

According to a recent research study that Cybereason commissioned with Enterprise Strategy Group (ESG), 67% of security professionals think that incident response is more difficult today than it was two years ago.

Larger attack surface increases difficulty

An increase in the number of endpoints, cloud computing and IoT applications expands an organization’s attack surface, making it more difficult to detect malicious activity and respond to events in a timely manner.

The skills shortage becomes more acute

Incident response calls for advanced skills. It's difficult, and sometimes nearly impossible, to recruit and hire additional staff in the midst of a global cybersecurity skills shortage. Most teams are overwhelmed with day-to-day tasks and don’t have the time necessary for the training and education required to build new skill sets, leaving companies at risk.

More security technology makes response harder

In an ironic twist, adding new security tools may actually hinder incident response processes. For example, 27% of survey respondents say that their organization has deployed more security management and incident detection technologies, increasing the time and effort associated with incident response. Each new tool requires personnel training, custom configuration, and often integration with other cybersecurity tools. That process consumes time and resources and adds complexity to understanding and reacting to actual security incidents.

The increase in threat management and security analytics tools deployed during the last couple of years forces SOCs to sort through, prioritize and respond to a growing cacophony of security alerts.

Improving incident response means tools, training and collaboration

Cybersecurity professionals have a long list of suggestions for improving incident response, including implementing better threat detection tools, establishing tools and processes to automate remediation, providing additional incident response training, and improving coordination and collaboration between security and IT operations teams.

EDR is vital for complete visibility

Many organizations are using or plan to use EDR technology. While many organizations use network security analytics to investigate endpoints, fewer than half have deployed EDR, and those that have regard it as an important tool for monitoring endpoint behavior for threat detection and incident response. In fact, threat detection and response are the biggest priorities for endpoint security tools today.

***
About the survey:

In late 2016, the Enterprise Strategy Group (ESG) completed a research survey of 203 IT and cybersecurity professionals with knowledge of, or responsibility for, threat management and incident response at their organizations. Survey respondents were located in North America and came from organizations of a range of sizes: 2% of respondents worked at organizations with fewer than 700 employees, 13% at organizations with 701 to 1,499 employees, 15% at organizations with 1,500 to 2,499 employees, 16% at organizations with 2,500 to 4,999 employees, 19% at organizations with 5,000 to 9,999 employees, 12% at organizations with 10,000 to 19,999 employees, and 22% at organizations with more than 20,000 employees. Respondents represented numerous industry and government segments, with the largest participation coming from manufacturing (21%), financial (i.e., banking, securities, insurance, 17%), retail/wholesale (13%), information technology (10%), financial/banking (13%), health care (9%), and government (i.e., federal, state, local, 7%).

About the Author

Sarah Maloney

Sarah Maloney is a writer for the Cybereason Blog, covering all things cybersecurity.