Over the last decade, hackers and attackers have grown smarter and better organized, while technology, systems and software continue to expose new and seemingly larger vulnerabilities.
A just released report from Hewlett Packard Enterprise (HPE), State of Security Operations2016, puts a magnifying glass to today’s increasingly volatile threat landscape. After examining 114 discreet security operations centers (SOC) in 26 countries, HPE Security Intelligence and Operations Consulting (SIOC) found that 85 percent of organizations fall below recommended maturity levels.
The bottom line? While organizations are investing heavily in cyber-security, there’s often little or no payoff. In many instances, a lack of skilled resources combined with the deployment of advanced solutions in the absence of a solid SOC foundation produces subpar results, the research found.
In fact, only 15 percent of organizations met minimum maturity model (SOMM) level 1 standards in 2015 (meaning that minimum requirements to provide security monitoring are met, though nothing is documented and actions are ad hoc). That is down from an average of 25 percent over the last five years.
The report also identified some interesting trends.
*A shift in thinking to “we’ve already been breached” has fueled adoption of hunt teams and analytics solutions, though most organizations aren’t currently equipped to benefit from these tools and programs.
*Access to skilled security resources continues to challenge business and IT leaders. In order to deal with this problem, organizations are using hybrid staffing and hybrid security infrastructure models. These new models require less in-house expertise while retaining control over critical pieces of the security organization’s detection capability.
*The number of organizations recognizing the true financial impact of a breach is growing dramatically. However, somewhat understandably, organizations that have been directly impacted by a malicious attack or breach are far more likely to achieve a higher maturity level.
Finally, HPE noted that some organizations use SOC as a competitive advantage, there’s a growing willingness to share threat information, and enterprises are increasingly turning to tools such as incident response case management and operational orchestration to automate manual post detection activities.
The report concludes that “industry continues to evolve toward a business mindset for security. This is seen through investment patterns, report-to chains, and stakeholder involvement. However, this has not made a great impact on overall maturity scores due to the continued focus on technology. People and process aspects of security operations still lag behind in capabilities and efficacy. This has a direct impact on the length of time it takes to identify and remediate breaches.”