Attacks/Breaches

5/31/2017
12:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Security Teams Overwhelmed by Rising Volume of Attacks

New Research Finds "Time Sink" Security Investigation Threatens Effective Security Operations

SAN FRANCISCO – Splunk, provider of the leading software platform for real-time Operational Intelligence, today announced the results of new research from IDC that shows organizations are constantly under attack and struggling to keep up. The research finds most organizations run time-consuming security investigations and often fail to effectively protect themselves. Read the full IDC InfoBrief, "Investigation or Exasperation? The State of Security Operations," sponsored by Splunk.

Findings from a survey of 600 senior security professionals across the U.S. and Europe highlight that less than half (47 percent) of security teams gather enough information about those incidents to enable appropriate or decisive action. Firms experience an average of 40 actionable incidents per week, but only a quarter (27 percent) think they are coping comfortably with this workload, and a third (33 percent) describe themselves as “struggling” or “constantly firefighting.” More than half (53 percent) of respondents claimed the biggest limitation to improving security capabilities was that resources are too busy on routine operations and incident investigation.

"The amount of time companies are spending on analyzing and assessing incidents is a huge problem," said Duncan Brown, associate vice president, security practice, IDC. "The highest-paid, most skilled staff are being tied up, impacting the cost and efficiency of security operations. This is exacerbated when considered alongside the security skills shortage, which has most impact in high-value areas like incident investigation and response. Organizations must ensure that they are using their data effectively to gain key insights quickly to determine cause and minimize impact."

"It’s time to change how we approach incident response," said Haiyan Song, senior vice president, security markets, Splunk. "As attacks become more advanced, frequent, and take advantage of IT complexity, we must become proactive in our approach to security – how else will we know we have been breached? As demonstrated by the swift, global spread of WannaCry, it has never been more important for organizations to proactively monitor, analyze and investigate to verify whether there are real threats, then prioritize and remediate the most critical. By taking an analytics-driven approach, and increasingly automating when possible, security teams can shorten investigation cycles, respond quickly and appropriately in the event of a compromise, free up resources to focus on more strategic initiatives and ultimately improve security posture."

Other findings from the study include:

  • Everyone’s under attack. 62% of firms are being attacked at least weekly, with 30% attacked daily and 10% hourly or continuously. 45% are experiencing a rise in the number of security threats.
  • The volume of incidents is challenging. Organizations experience an average of 40 actionable security alerts per week, with this number rising to 77 for finance and 124 for telco.
  • Most firms only surface a breach to the board at the last possible moment. Asked when they report a security incident to the board, the top triggers were sensitive data breach (66%), compromised customer data (57%), and a mandated notification to a regulator (52%). Only 35% of firms have breach reporting to the board built into their defined incident response processes.

To find out how you compare to your peers when it comes to incident response, visit IDC's Security Response Readiness Assessment.

Methodology

IDC surveyed 600 global organizations with over 500 employees in the U.S., U.K., Germany, France, Sweden and the Netherlands.

The full IDC InfoBrief can be downloaded here.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
2019 Attacker Playbook
Ericka Chickowski, Contributing Writer, Dark Reading,  12/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
[Sponsored Content] The State of Encryption and How to Improve It
[Sponsored Content] The State of Encryption and How to Improve It
Encryption and access controls are considered to be the ultimate safeguards to ensure the security and confidentiality of data, which is why they're mandated in so many compliance and regulatory standards. While the cybersecurity market boasts a wide variety of encryption technologies, many data breaches reveal that sensitive and personal data has often been left unencrypted and, therefore, vulnerable.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19790
PUBLISHED: 2018-12-18
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restricti...
CVE-2018-19829
PUBLISHED: 2018-12-18
Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known.
CVE-2018-16884
PUBLISHED: 2018-12-18
A flaw was found in the Linux kernel in the NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel id and cause a use-after-free. Thus a malicious container user can cause a host kernel memory corruption and a system ...
CVE-2018-17777
PUBLISHED: 2018-12-18
An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page "/ui/cbpc/login" is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the cookie "sid" generated by the page. The attacker will have acc...
CVE-2018-18921
PUBLISHED: 2018-12-18
PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action.