In a newly released study from International Data Corporation and cybersecurity company Exabeam, research shows companies globally are struggling with visibility when it comes to defending against cyberattacks.
Fifty-seven percent of surveyed companies experienced significant security incidents in the last year that required extra resources to remediate, shining a glaring light on program gaps caused by dedicated but overburdened teams lacking key automated threat detection, investigation, and response (TDIR) resources.
North America experienced the highest rate of security incidents, closely followed by Western Europe, then Asia Pacific and Japan.
Research for the Exabeam report, The State of Threat Detection, Investigation and Response, November 2023, was conducted by IDC on behalf of Exabeam and includes insights from 1,155 security and IT professionals spanning these three regions.
The findings reveal a significant gap between self-reported security measures and reality.
Despite 57% of interviewed organizations reporting significant security incidents, over 70% of organizations reported better performance on cybersecurity key performance indicators, such as mean time to detect, investigate, respond, and remediate, in 2023 as compared to 2022, and the overwhelming majority of organizations believe they have good or excellent ability to detect cyberthreats.
Seventy-eight percent also believe that their organizations have a very effective process to investigate and mitigate threats.
These inflated confidence levels are creating a false sense of security and likely putting organizations at risk.
A continued lack of full visibility and complete TDIR automation capabilities, which survey respondents also reported, may explain the discrepancy.
While no organization is immune from adversarial advances, the lack of full visibility means that organizations are potentially blind to any advances in those unseen environments.
With TDIR representing the prevailing workflow of security operations teams, more than half of global organizations have automated 50% or less of their TDIR workflow, contributing to the amount of time spent on TDIR. Unsurprisingly, respondents continue to want a strong TDIR platform that includes investigation and remediation automation, yet hesitation to automate remains.
When organizations were asked about the TDIR management areas where they require the most help, 36% of organizations expressed the need for third-party assistance in managing their threat detection and response, citing the challenge of handling it entirely on their own.
This highlights a growing opportunity for the integration of automation and AI-driven security tools.
The second most identified need, at 35%, was a desire for an improved understanding of normal user, entity, and peer group behavior within their organization, demonstrating a demand for TDIR solutions equipped with user and entity behavior analytics capabilities.
These solutions should ideally minimize the need for extensive customization while offering automated timelines and threat prioritization.
The organizations surveyed for the report represent North America, Western Europe, and APJ, across multiple industries.
The State of Threat Detection, Investigation, and Response 2023 report can be found here.
This Cyber News was published on www.cybersecurity-insiders.com. Publication date: Sat, 17 Feb 2024 13:43:04 +0000