Only 43% of security pros can respond to critical alerts in less than an hour
The report found that 85% of IT security professionals have experienced preventable business impacts resulting from insufficient response procedures, while 97% said that more accurate alerting would increase their confidence in automating threat response actions.
"Modern security operations centers should be equipped with high-fidelity alerts that include proper contextualization and correlation to provide as clear of a picture of the threat as possible. Not only does that enable analysts to work better, but it also unlocks the ability to implement automated response actions that stop threats with speed and precision. The key is confidence in the detection."
93% of security professionals are working to reduce response times, and 99% either believe they need more automation or want to learn more about automating security incident response in their organizations.
The research found that 38% of security teams for companies with over 1000 employees are still not resourced for 24/7 SOC coverage; of that, 30% have SOC coverage during business hours only, and 8% have no SOC. "Traditionally SOCs only existed at the large enterprises, which are well resourced with sophisticated security teams. Now, even smaller organizations recognize the need for 24/7/365 monitoring given today's threat landscape," said Mullins.
Of the 85% of security professionals who reported preventable business impacts from insufficient response, 63% reported blocked access to their systems resulting in downtime, and 47% reported a negative impact on customer experience.
Mullins added: "With the rise of ransomware and attacks on critical infrastructure, we all know that cyber incidents can have highly disruptive impacts on operations. That can certainly cost a business internal productivity and revenue, but in the case of critical infrastructure, these attacks can have much more troubling consequences. No one can prevent 100% of threats from entering their environments, so it's just as important to have mature detection and response programs to stop the threats before they can actually damage the business or stop operations. Automating response and partnering with a trusted provider to manage detection and response are both paths to faster threat containment."
News URL
https://www.helpnetsecurity.com/2022/06/10/cyber-events-response-capabilities/