Security Programs Aren’t as Efficient as IT Thinks
Operations teams are frustrated by “a façade of program maturity,” as each level of security is buffering the level above in an effort to appear more efficient.
The survey respondents identified an average of 10 new vulnerabilities per system per month,
Very large enterprises (VLEs) manage more than 1 million vulnerabilities, most of which are duplicates across common OSs and apps. Ensuring that they are properly managed and mitigated puts pressure on the staff.
Banking, finance, insurance: 82%
Manufacturing: 80%
Retail, Wholesale: 78%
Government: 67%
Infrastructure: 64%
79% of security teams said they are overwhelmed by the volume of threat alerts. As with vulnerabilities, banking, finance and insurance lead (88%), despite having the highest budgets.
All levels of security operations are being asked to increase their productivity. Manufacturing organizations are at the top for stress, possibly because they are less prepared to fight cyber-wars than their finance and government counterparts.
79% of respondents said their organization’s patching approval process was manual and involved emails, spreadsheets, and other electronic documents for tracking and approval.
The respondents said they have to manually reprioritize over half of the threat alerts they receive. This significantly raises stress and feelings of being overwhelmed.
87% of the respondents said they have a mature patching process, but 79% use emails and spreadsheets during that process, which can produce errors. This indicates respondents’ over-inflated opinions of their security programs.
30% of incident alerts are false positives, and analysts spend an average of 20 to 30 minutes investigating each incident. As a result, teams fall behind on alerts, creating a backlog of 64% of tickets.
Security systems wrongly prioritize 52% of tickets. Tools must be made smarter by providing context for the technical, financial and behavioral aspects of incidents. This will reduce false positives and misclassified alerts.