Security Operations Effectiveness for business growth
Security professionals’ overconfidence in security tools leads to data breaches, vulnerabilities, and wasted time and money. Today’s security operations teams face an unrelenting stream of attacks from both outside and inside of their organizations.
Security operations teams are dealing with tool sprawl which may inadvertently compromise their security tools’
capabilities, while misconfigurations can result in attacks through capable devices. A security professional can implement temporary rules to authorize short-term contractor access no longer needed or accidentally turn off a setting that may not get noticed.
This post investigates the current thinking of security operations teams and senior management to understand how they validate that their security solutions are working and if they are defending their organizations as expected. In addition, the research sought to understand the value and concerns of running security assessments against production systems.
Security experts are overconfident that their security solutions are working as intended and breaches continue to happen. The research finds 75 percent of companies surveyed have been breached on average once each year. Research indicates that barely half of the security professionals are confident in their current security solutions.
Security professionals admit that they test infrequently. Only one-third of companies surveyed have tested their security solutions in the last 30 days. Just over 20 percent of companies utilize internal and external security testing. Only half of the security teams practice breach response and remediation.
Further, just 35 percent of those surveyed test and validate their security defense operations. This lack of knowledge of actual security solution operations has led two-thirds of companies to invest in and operate overlapping solutions (half by accident), resulting in wasted budget with no improvement in security posture.
A strong majority of security professionals surveyed, 86 percent of respondents, recognize the value in security test solutions that can actively test their company’s security products and posture, using both internal and external attack vectors.
Security Professionals Worry about Defending their Organizations on Multiple Fronts Security professionals are worried about the next cybersecurity attack and their abilities to defend their organizations. Those surveyed indicated that they are concerned about security against an ever-increasing attack surface; they worry about insider threats with 66 percent worried about infected employee devices; while 34 percent worried about a low-security staff skill set. Fifty-five percent of those surveyed also worry about the risk of external attacks. Contact Musato Technologies to learn more about our ICT services and solutions.