50% of security alerts are ignored– why?

We have condensed Cisco’s 68 page Annual Cyber Security report and in this blog we bring some highlights that look at how the landscape is changing for cyber security teams. In a nutshell some of the key points are; Most losses from cyber security attacks are over $500k Protecting mobile devices and cloud data are the biggest challenges More vendors are being used causing more alerts Organisations are finding it harder to recruit security personnel Over 50% of legitimate alerts are not being remediated Technology is effective if policies, processes and people are in sync Organisations are increasing investment in AI and machine learning
The costs of cyber security breaches Cyber security breaches cause real damage to organisations and affect them in a number of ways. The damage could include; Financial loss Reputational damage Lost revenue Lost opportunities Financial costs to recover from a breach Cisco’s survey of over 3600 respondents across 26 countries concluded that over 53% of companies experienced losses of in excess of $500,000 for each cyber security breach.
As organisations implement a digitisation strategy, moving to cloud enabled applications and increasing adoption of mobile access, organisations have an ever growing challenge to protect themselves from the range of cyber security threats. Cisco determined that organisations found it most challenging to defend themselves from threats posed by mobile devices and cloud data. Some of the challenges cited included budget, interoperability and personnel. Many of them cited the lack of trained personnel as an obstacle to adopting advanced security processes and technology.
Every organisation surveyed said they are seeking to hire more qualified security professionals. Another evolving trend is the increase in use of security products from multiple vendors. This is probably a reflection on the fact there are few vendors who have a complete integrated solution portfolio that is best of breed. More organisations are now saying that an integrated solution is easier to implement and is more cost effective. The increased number of security vendors within an organisation does however present many challenges. There is an increase in the number of alerts from multiple vendors which also obfuscates rather than clarifies the security picture. There is now an even stronger case for security vendors to ensure that their solutions interoperate with other vendors, thus reducing risk and increasing efficacy.
The proliferation of events and alerts is resulting in IT security teams becoming overwhelmed to the extent that nearly 50% of legitimate alerts are not remediated simply because the organisation does not have sufficient security personnel. As the number of vendors’ products deployed increase, there does appear to be an increase in the number of breaches detected, probably due to the increased detection capabilities. Many organisations are now seeing more than half of their systems being impacted with some departments such as Operations the most likely to be impacted. Breaches are often accompanied with undesirable public attention resulting in more than 50% of organisations having to undergo public scrutiny of breaches.
The proliferation of events and alerts is resulting in IT security teams becoming overwhelmed to the extent that nearly 50% of legitimate alerts are not remediated simply because the organisation does not have sufficient security personnel. As the number of vendors’ products deployed increase, there does appear to be an increase in the number of breaches detected, probably due to the increased detection capabilities. Many organisations are now seeing more than half of their systems being impacted with some departments such as Operations the most likely to be impacted. Breaches are often accompanied with undesirable public attention resulting in more than 50% of organisations having to undergo public scrutiny of breaches.

Policies and People Another interesting area of Cisco’s report focused on the results of security assurance activities which included simulated attacks and the defensive capabilities that were compromised broadly categorised under people, policies and technology. The assessments identified that organisations needed to focus on improvements across all three areas to ensure maximum security effectiveness. A focus of defences based purely around technology would only provide protection from 26% of cyber security attacks. A focus purely on policies as the primary mode of defence would provide protection against only 10% of cyber security attacks. Technology can only be effective when policies, processes and people are operating within a framework that maximise the effectiveness and interdependence of all three.

Investing Many security professionals are expecting a tougher year ahead as they consider their changing environment with respect to increasing cloud adoption and IoT devices. Additionally they expect increased scrutiny from regulators, executives, stakeholders and clients alike. Unsurprisingly an increasing number of organisations are increasing their investment in security because they have been breached. In a bid to manage the increasing workload, organisations plan to invest in artificial intelligence and machine learning. In addition outsourcing of services such as monitoring and incident response are becoming more popular in a bid to stretch resources and strengthen defences.
Investing Many security professionals are expecting a tougher year ahead as they consider their changing environment with respect to increasing cloud adoption and IoT devices. Additionally they expect increased scrutiny from regulators, executives, stakeholders and clients alike. Unsurprisingly an increasing number of organisations are increasing their investment in security because they have been breached. In a bid to manage the increasing workload, organisations plan to invest in artificial intelligence and machine learning. In addition outsourcing of services such as monitoring and incident response are becoming more popular in a bid to stretch resources and strengthen defences.

Leave a comment

Your email address will not be published. Required fields are marked *