ESG recently published a new research report titled, Cybersecurity Analytics and Operations in Transition. The report is based upon a survey of 412 cybersecurity and IT professionals directly involved in their organization’s security operations processes.
As part of the survey, respondents were presented with several statements and asked whether they agreed or disagreed with each. Here are a few of those statements with my analysis.
73% of survey respondents strongly agreed or agreed with the statement: Business management is pressuring the cybersecurity team to improve security analytics and operations. If you want proof that cybersecurity is a boardroom-level issue today, here it is. The good news is that the survey also indicates 81% of organizations plan to increase their security operations budget so business executives are willing to throw money at the problem. The bad news is that the cybersecurity team is now on the hook to deliver measurable improvements and ROI.
72% of survey respondents strongly agreed or agreed with the statement: My organization’s security analytics and operations are anchored by a few key individuals. Danger, Will Robinson! This indicates that a few critical SOC personnel can make or break security operations processes – a risky situation given the global cybersecurity skills shortage. If experienced incident responders walk out the door, organizations could be in big trouble. CISOs must address this situation by introducing formal security operations processes and bolstering the productivity of junior SOC staff as soon as possible.
66% of survey respondents strongly agreed or agreed with the statement: Security analytics and operations effectiveness is limited because it is based upon multiple independent point tools. This is why organizations are consolidating tools and vendors. Additionally, 71% are actively building a SOAPA by integrating point tools together.
60% of survey respondents strongly agreed or agreed with the statement: Security analytics and operations effectiveness is limited because it is based upon too many manual processes. A real problem as manual processes can’t scale to meet today’s security operations needs. This is why we see so much activity in security operations automation and orchestration.
59% of survey respondents strongly agreed or agreed with the statement: Security analytics and operations effectiveness is limited due to problems in the working relationship between cybersecurity and IT operations team. Remediating security problems is a team sport, involving cybersecurity and IT operations teams, so problems here equate to increased risk. This is why security vendors like Arbor Networks (NetScout), Cisco, Resolve Systems, and ServiceNow offer tools and expertise to help bridge gaps between the two groups. CISOs must work with CEOs to address collaboration, communications, and compensation issues and get these teams working better together.
58% of survey respondents strongly agreed or agreed with the statement: Security analytics and operations effectiveness is limited because of employee skills gaps. Ah, the pervasive skills shortage again. CISOs must assess team skills and either increase headcount appropriately or find service providers for staff augmentation or outsourcing.
I realize that a lot of these issues are well known but I believe they bear repeating. Beside, lots of organizations suffer from many of these conditions making security operations improvement quite challenging.
CISOs must avoid the temptation to address these issues by purchasing/deploying the latest security operations tool du jour peddled by the Sand Hill Rd. crowd. Rather, security executives must build a 2 to 3-year strategy to modernize and formalize security operations if they want to truly improve efficacy, efficiency, and employee productivity.