Security Programs Aren’t as Efficient as IT Thinks


Operations teams are frustrated by “a façade of program maturity,” as each level of security is buffering the level above in an effort to appear more efficient.

Too Many Vulnerabilities

The survey respondents identified an average of 10 new vulnerabilities per system per month,

Redundant Vulnerabilities Create Stress

Very large enterprises (VLEs) manage more than 1 million vulnerabilities, most of which are duplicates across common OSs and apps. Ensuring that they are properly managed and mitigated puts pressure on the staff.

Vulnerabilities by Industry

Banking, finance, insurance: 82%
Manufacturing: 80%
Retail, Wholesale: 78%
Government: 67%
Infrastructure: 64%

Overwhelmed by Threat Alerts

79% of security teams said they are overwhelmed by the volume of threat alerts. As with vulnerabilities, banking, finance and insurance lead (88%), despite having the highest budgets.

Do More, Faster!

All levels of security operations are being asked to increase their productivity. Manufacturing organizations are at the top for stress, possibly because they are less prepared to fight cyber-wars than their finance and government counterparts.

Manual Patching Drives Stress

79% of respondents said their organization’s patching approval process was manual and involved emails, spreadsheets, and other electronic documents for tracking and approval.

Too Many Alerts Cause Stress

The respondents said they have to manually reprioritize over half of the threat alerts they receive. This significantly raises stress and feelings of being overwhelmed.

Over-Inflated Opinions

87% of the respondents said they have a mature patching process, but 79% use emails and spreadsheets during that process, which can produce errors. This indicates respondents’ over-inflated opinions of their security programs.

Inefficient Alert Systems

30% of incident alerts are false positives, and analysts spent an average of 20 to 30 minutes investigating each incident. As a result, teams fall behind on alerts, creating a backlog of 64% of tickets.

Wasted Time

Security systems wrongly prioritize 52% of tickets. Tools must be made smarter by providing context for the technical, financial and behavioral aspects of incidents. This will reduce false positives and misclassified alerts.

Karen A. Frenkel
Karen A. Frenkel is a contributor to CIO Insight. She covers cybersecurity topics such as digital transformation, vulnerabilities, phishing, malware, and information governance.
