Cybersecurity pros reveal what they think about their organizations

Business managers are engaged, but security operations remain informal, limited and anchored by key personnel.

Security has become a boardroom issue, but many organizations face challenges when trying to address cybersecurity concerns, according to a new ESG research report titled Cybersecurity Analytics and Operations in Transition. The report is based on a survey of 412 cybersecurity and IT professionals directly involved in their organizations' security operations processes.

As part of the survey, respondents were presented with several statements and asked whether they agreed or disagreed with each. Here are a few of those statements with my analysis.

  • 73% of survey respondents strongly agreed or agreed with the statement: Business management is pressuring the cybersecurity team to improve security analytics and operations. If you want proof that cybersecurity is a boardroom-level issue today, here it is. The good news is that the survey also indicates 81% of organizations plan to increase their security operations budget, so business executives are willing to throw money at the problem. The bad news is that the cybersecurity team is now on the hook to deliver measurable improvements and ROI. 
  • 72% of survey respondents strongly agreed or agreed with the statement: My company's security analytics and operations are anchored by a few key individuals. Danger, Will Robinson! This indicates that a few critical SOC personnel can make or break security operations processes — a risky situation given the global cybersecurity skills shortage. If experienced incident responders walk out the door, organizations could be in big trouble. CISOs must address this situation by introducing formal security operations processes and bolstering the productivity of junior SOC staff as soon as possible.
  • 66% of survey respondents strongly agreed or agreed with the statement: Security analytics and operations effectiveness is limited because it is based upon multiple independent point tools. This is why organizations are consolidating tools and vendors. Additionally, 71% are actively building a SOAPA by integrating point tools together. 
  • 60% of survey respondents strongly agreed or agreed with the statement: Security analytics and operations effectiveness is limited because it is based upon too many manual processes. This is a real problem because manual processes can’t scale to meet today’s security operations needs. This is why we see so much activity in security operations automation and orchestration.
  • 59% of survey respondents strongly agreed or agreed with the statement: Security analytics and operations effectiveness is limited due to problems in the working relationship between cybersecurity and IT operations teams. Remediating security problems is a team sport that involves cybersecurity and IT operations teams, so problems here equate to increased risk. This is why security vendors such as Arbor Networks (NetScout), Cisco, Resolve Systems and ServiceNow offer tools and expertise to help bridge gaps between the two groups. CISOs must work with CEOs to address collaboration, communications and compensation issues and get these teams working better together.
  • 58% of survey respondents strongly agreed or agreed with the statement: Security analytics and operations effectiveness is limited because of employee skills gaps. Ah, the pervasive skills shortage again. CISOs must assess team skills and either increase headcount appropriately or find service providers for staff augmentation or outsourcing.

I realize that a lot of these issues are well known, but I believe they bear repeating. Besides, lots of organizations suffer from many of these conditions, making security operations improvement quite challenging.

CISOs must avoid the temptation to address these issues by purchasing/deploying the latest security operations tool du jour peddled by the Sand Hill Road crowd. Rather, security executives must build a two- to three-year strategy to modernize and formalize security operations if they want to truly improve efficacy, efficiency and employee productivity.
