The results of new research from IDC and Splunk has confirmed that in today’s digital environment organisations are constantly under attack and struggling to keep up. The research found most organisations run time-consuming security investigations and often fail to effectively protect themselves.
The survey of 600 senior security professionals across the US and Europe found that less than half (47%) of security teams gather enough information about cyber incidents to enable appropriate or decisive action.
Firms experience an average of 40 actionable incidents per week, but only a quarter (27%) think they are coping comfortably with this workload, and a third (33%) described themselves as “struggling” or “constantly firefighting.”
More than half (53%) of respondents claimed the biggest limitation to improving security capabilities was that resources are too busy on routine operations and incident investigation.
“The amount of time companies are spending on analysing and assessing incidents is a huge problem,” said Duncan Brown, associate vice president, security practice, IDC. “The highest-paid, most skilled staff are being tied up, impacting the cost and efficiency of security operations. This is exacerbated when considered alongside the security skills shortage, which has most impact in high-value areas like incident investigation and response. Organisations must ensure that they are using their data effectively to gain key insights quickly to determine cause and minimise impact.”
>See also: The state of IT security in UK businesses
Everyone’s under attack. 62% of firms are being attacked at least weekly, with 30% attacked daily and 10% hourly or continuously, while 45% are experiencing a rise in the number of security threats.
The volume of incidents is challenging. Organisations experience an average of 40 actionable security alerts per week, with this number rising to 77 for finance and 124 for telco.
Most firms only surface a breach to the board at the last possible moment. Asked when they report a security incident to the board, the top triggers were sensitive data breach (66%), compromised customer data (57%), and a mandated notification to a regulator (52%). Only 35% of firms have breach reporting to the board built into their defined incident response processes.
“It’s time to change how we approach incident response,” continued Haiyan Song, senior vice president, security markets at Splunk. “As attacks become more advanced, frequent, and take advantage of IT complexity, we must become proactive in our approach to security – how else will we know we have been breached? As demonstrated by the swift, global spread of WannaCry, it has never been more important for organisations to proactively monitor, analyse and investigate to verify whether there are real threats, then prioritise and remediate the most critical. By taking an analytics-driven approach, and increasingly automating when possible, security teams can shorten investigation cycles, respond quickly and appropriately in the event of a compromise, free up resources to focus on more strategic initiatives and ultimately improve security posture.”
>See also: The UK’s new National Cyber Security Centre
The findings showed that UK firms were second only to the US when it comes to being attacked, ahead of all other surveyed countries in Europe. UK firms are increasingly targeted compared to other countries – 16% of UK firms have seen a 10 – 20% increase in attacks versus 12% overall.
Despite this, the UK is far better placed to respond to security incidents compared to European counterparts. Specialised tools such as machine learning have matured at a faster rate in UK organisations, while planned investment in incident response capabilities is also far higher. As a result, the UK has the fastest response times of all countries polled – 22% of UK firms can resolve incidents in 24 hours, compared to 13% overall.
The UK’s largest conference for tech leadership, TechLeaders Summit, returns on 14 September with 40+ top execs signed up to speak about the challenges and opportunities surrounding the most disruptive innovations facing the enterprise today. Secure your place at this prestigious summit by registering here