Security Programs Aren't as Efficient as IT Thinks

 
 
By Karen A. Frenkel  |  Posted 07-03-2017 Email
 
 
 
 
 
 
 
 
 
  • Previous
    Security Programs Aren't as Efficient as IT Thinks
    Next

    Security Programs Aren't as Efficient as IT Thinks

    Operations teams are frustrated by "a fa├žade of program maturity," as each level of security is buffering the level above in an effort to appear more efficient.
  • Previous
    Too Many Vulnerabilities
    Next

    Too Many Vulnerabilities

    The survey respondents identified an average of 10 new vulnerabilities per system per month,
  • Previous
    Redundant Vulnerabilities Create Stress
    Next

    Redundant Vulnerabilities Create Stress

    Very large enterprises (VLEs) manage more than 1 million vulnerabilities, most of which are duplicates across common OSs and apps. Ensuring that they are properly managed and mitigated puts pressure on the staff.
  • Previous
    Vulnerabilities by Industry
    Next

    Vulnerabilities by Industry

    Banking, finance, insurance: 82% Manufacturing: 80% Retail, Wholesale: 78% Government: 67% Infrastructure: 64%
  • Previous
    Overwhelmed by Threat Alerts
    Next

    Overwhelmed by Threat Alerts

    79% of security teams said they are overwhelmed by the volume of threat alerts. As with vulnerabilities, banking, finance and insurance lead (88%), despite having the highest budgets.
  • Previous
    Do More, Faster!
    Next

    Do More, Faster!

    All levels of security operations are being asked to increase their productivity. Manufacturing organizations are at the top for stress, possibly because they are less prepared to fight cyber-wars than their finance and government counterparts.
  • Previous
    Manual Patching Drives Stress
    Next

    Manual Patching Drives Stress

    79% of respondents said their organization's patching approval process was manual and involves emails, spreadsheets, and other electronic documents for tracking and approval.
  • Previous
    Too Many Alerts Cause Stress
    Next

    Too Many Alerts Cause Stress

    The respondents said they have to manually reprioritize over half of the threat alerts they receive. This significantly raises stress and feelings of being overwhelmed.
  • Previous
    Over-Inflated Opinions
    Next

    Over-Inflated Opinions

    87% of the respondents said they have a mature patching process, but 79% use emails and spreadsheets during that process, which can produce errors. This indicates respondents' over-inflated opinions of their security programs.
  • Previous
    Inefficient Alert Systems
    Next

    Inefficient Alert Systems

    30% of incident alerts are false positives, and analysts spent an average of 20 to 30 minutes investigating each incident. As a result, teams fall behind on alerts, creating a backlog of 64% of tickets.
  • Previous
    Wasted Time
    Next

    Wasted Time

    Security systems wrongly prioritize 52% of tickets. Tools must be made smarter by providing context for the technical, financial and behavioral aspects of incidents. This will reduce false positives and misclassified alerts.
 

Operations teams are frustrated and stressed due to "a façade of program maturity," as each level of security is buffering the level above from many stress-related issues in an effort to appear more efficient, according to a new study. This results in an "overinflated opinion of program security program maturity," said the authors of "A Day in the Life of a Cybersecurity Pro," a study commissioned by Bay Dynamics. To understand what management and personnel working in cyber-security, fraud, risk and compliance do to support operations, Enterprise Management Associates (EMA) surveyed 400 North American respondents. Surprisingly, lack of budget was only a minor frustration. Rather, a dearth of people was a top concern, but the report said that is a symptom of a much larger security problem. The respondents range from vice presidents to C-level executives to the frontline operations staff. Fifty-three percent work in very large enterprises (VLEs), 19 percent in enterprises, and 27 percent in the midmarket. They represent banking, finance, insurance, manufacturing, healthcare, retail and wholesale infrastructure, professional services and the federal government.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login Register