
2/10/2021
11:20 AM
Dark Reading
Products and Releases

New Siemplify Research Reveals Cybersecurity Postures Stronger Than Pre-Pandemic for Many

NEW YORK, Feb. 2, 2021 - Siemplify, the leading independent provider of security orchestration, automation and response (SOAR), today released new research on “The State of Remote Security Operations.” Based on a recent survey of nearly 400 security operations (SecOps) professionals, the report studies how the sudden shift to remote work during the COVID-19 pandemic has affected SecOps analysts’ ability to perform their jobs and the impact on overall security postures.

The research reveals that overall cybersecurity posture has remained strong due to greater investments in security automation technologies and reliance on managed security service providers (MSSPs), potentially paving the way for many security operations centers (SOCs) to become permanently remote.

SecOps is a highly collaborative function, with security analysts working closely in physical SOCs to address tens of thousands of alerts and security incidents daily, hunt for threats and problem-solve responses. The unexpected shift to remote workforces means that these professionals have been tasked with the challenge of securing more complex and dispersed, cloud-based environments at the same time that they themselves are working from home and have lost the benefits of collaborating with their colleagues in a centralized SOC.

“With threats growing in frequency and sophistication, and with the added challenges of performing SecOps from home, I think many people expected organizations’ cybersecurity postures to take a hit during the pandemic,” said Nimmy Reichenberg, CMO and head of strategy of Siemplify. “But our research showed just the opposite – 74 percent of respondents said their cybersecurity posture has remained largely the same or has even improved. There may have been initial struggles, but this clearly shows that the industry has risen to the occasion, pivoting quickly to help organizations ensure business continuity while staying protected during these challenging times.” 

Key Findings from The State of Remote Security Operations Report:

● SOCs will forever change: The physical SOC will most likely never return to its glory days, as virtual or hybrid SOCs offer more flexibility in recruiting hard-to-find cybersecurity talent and result in more satisfied security analysts. More than a quarter (26%) of respondents say it will be 12 months or longer before SecOps teams transition back to on-premises work, or that their SecOps teams do not intend to ever go back to on-premises. Only 30% of respondents said their morale had been reduced, while the rest reported that their morale has not changed (31%) or has improved (39%).

● Challenges are mounting as alerts increase: Forty-two percent report that their alert volume is higher now than it was prior to the pandemic. Respondents also report that their jobs have become more difficult since going remote. Fifty-one percent say investigating suspicious activities is more challenging in a remote environment, 49% say collaborating with their peers is more difficult and 39% say problem solving and alert handling is more challenging from home.

● Insecure home networks and cloud adoption are the biggest threats: When asked to identify the top security risks facing their organization since transitioning to remote work, respondents named their employees’ insecure home networks as the top threat, followed by increased cloud adoption at a close second. Additionally, 57% report seeing more phishing threats since the shift to remote work.

● Investments in automation and managed services are increasing: To cope with the challenges of remote work, SecOps teams are turning to security automation technologies and the help of MSSPs. More than three-fourths (76%) of respondents say the COVID-19 pandemic has played a role in their actions to increase SecOps automation or is expected to in the near future. Thirty-seven percent have prepared new automated playbooks to respond to emerging, remote-specific threats, and 52% say their use of an MSSP has increased.

● Security postures remain strong: Even as SecOps has become more complex in today’s remote landscape and alerts have increased, security professionals have managed to keep their organizations well protected. Almost half (47%) say their security posture is mostly the same as before the pandemic and 27% say their security posture has actually improved. Just 26% of respondents say their security posture is worse than it was before the pandemic. Additionally, one-third of respondents are planning to enhance or have already enhanced benefits to help retain SecOps staff.

“Although the SecOps profession has been flipped on its head by COVID-19, one possible silver lining is that organizations are hiring additional cybersecurity talent, enhancing their benefits and increasing investments in automation technologies in order to better support their SecOps teams,” Reichenberg said. “In an industry that is notorious for high stress and high turnover, this signals to me that teams are focusing more than ever on the right things.”

To access the full State of Remote Security Operations report and read the complete findings, visit https://www.siemplify.co/resources/the-state-of-remote-security-operations/.

Survey Methodology

Siemplify commissioned a third-party research firm to survey 393 cybersecurity operations professionals, consisting of managers or directors overseeing a cybersecurity function as well as security analysts, architects and engineers. Respondents work in a variety of sectors, including technology, manufacturing, finance, retail, healthcare, government and education. Respondents work at organizations that employ an average of 1,095 people. The survey was conducted through emails sent in late 2020.

About Siemplify 

Siemplify, the leading independent security orchestration, automation and response (SOAR) provider, is redefining security operations for enterprises and MSSPs worldwide. The Siemplify platform is an intuitive workbench that enables security teams to manage their operations from end to end, respond to cyber threats with speed and precision and get smarter with every analyst interaction. Founded in 2015 by Israeli Intelligence experts with extensive experience running and training security operations centers worldwide, Siemplify has raised $58 million in funding to date and is headquartered in New York, with offices in Tel Aviv. Visit us at siemplify.co and follow us on Twitter and LinkedIn.

 
