A recent article in Security Magazine highlighted a “clear and present danger” for many organizations today—that of cyber-response fatigue. In short, those tasked with securing their companies against IT risk are hitting their limits.
With shrinking public tolerance for cybersecurity breaches and greater penalties for noncompliance in regulated industries (consider, for example, the GDPR that just went into effect), the heat and light on and from the boardroom have intensified dramatically. There is a fundamental expectation that companies will have the ability to identify and respond to a cyber event.
Even with increased spending on security tools (one survey finds that the average enterprise can have up to 60 security tools), many organizations remain largely reactive. Antivirus tools send alerts in the event of a problem—one that has already occurred. A SIEM can be a powerful tool, but only when it is monitored regularly and has the ability to mine alerts and distill the meaningful information from the masses.
Losing the battle?
Amidst the added responsibility and heightened expectations, security leaders are in a valiant fight to keep up. Part of the battle involves access to talent; the intensified pressure to manage risk is quickly outpacing the available cybersecurity staff and skills. In major metro areas such as the San Francisco Bay Area, the labor supply is tight, and salaries are through the roof. The Ponemon Institute estimates that by 2020, there will be 1.8 million cyber jobs left unfilled, and the consequences are sobering. According to recent research by the ISSA and ESG,
- 63% of organizations are seeing increasing workloads for existing staff
- 41% of cybersecurity teams are spending time on high-priority issues and incident responses, with minimal time spent on planning, training or strategy
- 38% of cyber staff are citing burnout
- 24% of cyber teams do not have the ability to investigate or prioritize security alerts in a timely manner
“It’s not humanly possible”
The question many are asking: is it even humanly possible to maintain a defensive position in this expanded threat landscape? Perhaps there is another angle to consider. Cybersecurity—and in particular, threat detection—presents a compelling use case for artificial intelligence and machine learning. Managed security providers are starting to pair these advanced automation technologies with their subject matter expertise to offer enterprises of all sizes a new kind of defense—one that puts them on the offensive. With the ability to aggregate logs, mine incidents and isolate and prioritize threats, these Security Operations Center-as-a-Service (SOCaaS) providers are, in many cases, hastening the time to detection by 80%.
For those organizations looking to focus more on running their business than defending it, DataEndure’s Digital Defense SOCaaS is a viable option for augmenting their capabilities with the latest technology and deep expertise, enabling them to become less reactive and more resilient in an ever-evolving threat landscape—all without draining their IT resources and budget.