87% of orgs impacted by cyber threats they couldn’t detect and neutralise in the past year

New report from Red Canary shows increased investment is failing to stem the tide of breaches as security teams struggle with complexity, skills, and an ever-expanding attack surface.


Red Canary has launched a new report, the Security Operations Trends Report, providing insight into the challenges facing modern cybersecurity teams. Surveying 700 security leaders from the US, UK, New Zealand, Australia and the Nordics, the report shows that traditional Security Operations Center (SOC) approaches are failing. 87% of respondents have been impacted by a security incident they were unable to detect and neutralize in the past year, resulting in data compromise, outages, fines, audit failures and reputational damage.

The report highlights the growing pressure on SOC teams and the impact on organisational risk:

• Complexity is increasing. 73% say their attack surface has widened in the past two years, by an average of 77%, and 64% report knowledge deficits around securing new technologies.

• The risk of new technologies. 62% say AI has made it more difficult to keep their organizations secure, while all respondents have faced cloud security challenges.

• The threat tide is rising and attackers are harder to detect. 77% say attackers are moving much faster, yet 85% admit the detection deficit (i.e. the time between detecting and resolving an incident) has either increased or stayed the same in the past year.

• Tool bloat and alert fatigue are stopping teams from being proactive. 60% say there is ‘too much noise and too many security alerts’ to deal with effectively. Security teams spend twice as much time on operational tasks as on cyber readiness.

• Skills shortages. 83% say it’s getting harder to recruit and retain skilled security professionals, while 62% are experiencing higher levels of churn due to overwork and stress.

“The scale of risk facing businesses today is unprecedented and traditional approaches to SOC are no longer cutting it,” said X at Red Canary. “For too long, organizations have tried to paper over security cracks by throwing more money, tools and people at the problem. But with the technology used by both businesses and adversaries moving so fast, SOC teams simply cannot keep up. Teams cannot be expected to instantly know and understand every potential risk when new technology is adopted. A new approach is needed so that businesses and teams don’t have to tackle security problems alone.”

SOC teams struggle to act on intelligence

78% of security leaders say a more intelligence-led security program, equipped with real-time insight, would enable them to focus on the most important problems, and faster. However, 66% say it is difficult and time-consuming to turn threat intelligence into actions they can take to proactively address issues.

Specific issues highlighted include:

• Budgets aren’t cutting it. While 63% of security leaders had an increase in their budget in the past twelve months, only just over a third (37%) felt it was enough to ensure the business is secure. This is only getting worse, as 62% say continued investment in developer speed is putting the business at risk.

• Keeping up with compliance. To stretch resources even further, 46% say they have been too busy responding to audits and ensuring they are compliant with regulations to focus on security training and fire drills.

• Security is an afterthought, not a priority. 63% say security is often brought in too late, as the ‘clean-up crew’, when it should be involved earlier to ensure environments are secure by design.

These issues are leading to an evolution in how the SOC is managed, with many businesses now implementing a hybrid model of security operations. By using partners and managed services, businesses can expand their teams and plug knowledge and skills gaps. In fact, on average, security teams are made up of 40% in-house staff and 60% outsourced staff.

“There is an urgent need to rethink our cyber defenses and how we equip and support the SOC team,” continued X. “Around 80% of threats have more to do with the technology stack than the business itself, but teams still spend their time battling these more well-known problems. By working with a partner to outsource some of this noise, in-house teams can focus on protecting the 20% of applications that are unique to the business. Partners provide a level of herd immunity – they have collective intelligence on the most commonly used applications and providers and so will be much better equipped to solve any issues faster. SOC teams simply shouldn’t be spending time trying to intake, analyze, detect and respond to threats that are broadly applicable. A hybrid model enables the SOC to facilitate fast and secure innovation by freeing up teams to focus on protecting the crown jewels of the business.”
