In today’s security space, we’re all too familiar with the challenges presented by industry-wide shortages in talent, budget, and dedicated security infrastructure. Many insights from the LogRhythm 2018 Cybersecurity: Perceptions & Practices benchmark survey confirm this common understanding, yet one finding cuts to the core of the issue: Less than half of all surveyed organizations are able to detect a major cybersecurity incident within one hour. Even more concerning, less than one-third said that even if they detected a major incident they would be unable to contain it within an hour.
From my experience, I can’t say these findings come as a surprise. Timely detection of and response to cyberthreats have been and remain major challenges for all organizations. It takes time to understand the full scope of an incident and determine how best to neutralize it. Being able to respond and contain a major incident within an hour is a difficult task, but is one that is necessary if you want to prevent a significant breach and associated brand damage in today’s day and age.
The survey’s findings surfaced many of the struggles security teams grapple with on a daily basis. A few highlights (or lowlights, really) of these findings include:
- More than a third of IT decision makers say their company was hit by a breach in 2017.
- The majority of IT decision makers think the average cybersecurity professional wastes as much as 10 hours a week due to software inefficiencies.
- More than one-third say they and their teams spend at least three hours a day on tasks that could be handled by better software.
It’s unlikely that threats will ease up or that security operations teams will suddenly have an influx of qualified professionals and increased budgets. The industry-wide shortage of resources is made much more apparent when organizations don’t efficiently leverage automation and orchestration as a part of their cyber security workflow and processes. Now, more than ever, security teams need technology to help them corroborate and qualify threats to make informed decisions. Proper technology integration and process automation are critical for an effective and efficient security operations center (SOC).
To learn more, download the complete LogRhythm 2018 Cybersecurity: Perceptions and Practices benchmark survey.