Critical shortcomings in the current approach to cyber security and incident response are putting companies at risk, with 86 percent of respondents to a Ponemon Institute study saying that it takes too long to detect a cyber attack.
And 85 percent of the 1,083 CISOs and security technicians surveyed for the report, Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations, conducted by Ponemon and sponsored by incident resolution specialists AccessData, said they didn't have a way to prioritize incidents.
“That's a big problem,” Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, told SCMagazine.com. “Some incidents are really significant and some are Mickey Mouse, bouncing off of the firewall.”
Bombarded by threats from every angle, companies also find it difficult to sift through them all — 61 percent of those surveyed said they receive too many alerts from too many point solutions.
“It's a game of whack-a-mole for them,” Craig Carpenter, chief cyber security strategist at AccessData, told SCMagazine.com.
And those solutions either aren't integrated or are poorly integrated, a problem that 74 percent of the CISOs and security technicians said impairs their ability to respond to threats, while 40 percent claimed that their security products don't support imported threat intelligence from other sources.
“They want information that's timely and really accurate. Getting both is kind of a Nirvana state,” said Ponemon. “But what they're getting is slow moving and ‘maybe’ accurate.”
To close the gaps, Carpenter said, companies need the ability to do three things: automate incident resolution; validate and prioritize threats; and validate information against threat feeds with real-time information regarding what's happening outside their own networks.