It’s widely known that today’s data security operations and incident response teams are battling bewildering odds against constantly evolving cyber criminals. With new threats bombarding businesses of all sizes, security teams are investing a significant amount of capital into a range of technologies that can help with detection and reduce risk.
Yet the mismatch between the high volume of alerts and limited resources means that attacks often go unaddressed. A recent study showed that 80 percent of data breach victims don’t realize they’ve been attacked for a week or longer, with attacks often going more than 200 days before being discovered. That brings us to an important question about the status quo: is throwing more resources at the problem an effective solution?
Your security team could have all the tools in the world, but if your team only has the capacity to use them one at a time, what’s the point? It’s similar to buying the most expensive cable package from your cable provider. You could have thousands of channels, but you can only watch one channel at a time. In both situations you have all these great resources and options, but if you’re only capable of doing one action at a time, whether that’s watching one show or using one tool, the benefit probably doesn’t justify the cost, since you don’t have the capacity to reap the full value.
As cyber attacks are increasing and evolving across the globe, security teams are being pushed to their limits trying to compete with and outwit cybercriminals. Grasping for help, the security industry is throwing money at the problem by investing in more tools. While the newest cybersecurity technologies are groundbreaking, none of those tools will help if you don’t have the capability and resources to implement and utilize them efficiently. According to a 2015 survey, 90 percent of companies abandon cybersecurity software soon after it’s deployed.
There’s no question about it: the security industry has a serious capacity issue, and it’s leading to a swell of successful cybercrime. Security teams simply don’t have the ability to match cyber adversaries with their limited resources. For example, a recent EMA report found that 92 percent of companies receive 500 cyber alerts or more each month. That’s equal to 15,000 alerts per month.
If a cyber analyst can investigate roughly ten alerts a day, she or he can get through a few hundred alerts a month. As a result, you’d need roughly 50 security analysts working just to keep up with the current alert volume, and that doesn’t account for breaks, vacation, or sick time.
Adding to the problem, hiring more security analysts isn’t possible due to the growing skills gap and cyber talent shortage. By 2019, the cybersecurity workforce shortage is expected to reach 1.5 million. This widening shortage has created a “seller’s market” for security professionals: security experts have an excess of job opportunities, which can leave companies struggling to retain cybersecurity talent.
Some reports even show that nearly half of security experts (46 percent) were contacted by recruiters at least once a week, and that the average tenure of a CISO is 2-4 years. With a barrage of cyber alerts and teams constantly stuck in reactive mode, it’s no surprise that burnout and turnover among cyber analysts and security executives are so high.
Yet securing your company isn’t a lost cause; security teams have started to turn to security automation as the solution to their capacity issues. Per a recent ESG survey, more than half (62 percent) of enterprise organizations are pushing toward incident response automation. Security automation allows companies to scale the experience and logic of expert cyber analysts despite a skills shortage and capacity issue, guaranteeing stronger security and reducing risk across the board.