We live in a reality where it is difficult to hire and retain qualified cybersecurity practitioners, and security operations centers (SOCs) are being outpaced by the number and sophistication of threats. Despite these challenges, we have found that some organizations have established highly effective SOC operations, but many others still have not.
Swimlane partnered with Dimensional Research, a leading independent research firm, to conduct a global survey of more than 1,000 security professionals and executives, in search of a more accurate temperature check on the reality of cyber-threat readiness. This new study investigated the perceptions of cybersecurity among front-line security professionals and executives, the current trends in security operations team shortages, and the effectiveness of tools leveraged to address today’s top cybersecurity challenges. Some of the results are in line with what I would expect, but as an executive for a major cybersecurity platform provider, I’m shocked at the disconnect that exists between security operations leadership and the boots on the ground.
Executives and Security Analysts Are Not Aligned
One of the most shocking themes from the 2023 Cyber Threat Readiness Report was the extent to which CISOs overestimated their organization’s threat detection and incident response (TDIR) capabilities. Call it confidence, optimism or delusion: security executives reported a different perspective than frontline workers in multiple areas.
Ability to Address Security Alerts
- 70% of executives across the globe believe all alerts are being handled.
- 36% of front-line roles that address the alerts agree.
- 58% of organizations are actually addressing every single alert.
Potential for a Fully Staffed Security Team
- 82% of executives believe they will eventually have a fully-staffed security team.
- Only 52% of security team members think this will be a reality.
Proficiency with Heavy Scripting Automation Tools
- 87% of executives believe that their security team possesses what it takes for successful adoption.
- Only 52% of front-line roles stated they have enough experience to use heavy scripting security automation tools properly.
The Talent Gap is Here to Stay
This report reveals that the talent gap is getting wider. Most of us in the cybersecurity industry understand the gravity of this challenge, and with 82% of companies reporting that it takes three months or longer to fill an open security position, the challenge is very real. 34% of respondents reported it takes them seven months or more, while one-third of organizations believe that they will never have fully staffed teams.
The struggle to hire is just half of the problem. More than 9 out of 10 security professionals surveyed attribute business issues to security team turnover, including:
- 84% of respondents in the healthcare sector said security team turnover presents a risk to their organization.
- 80% of respondents in the government sector said security team turnover presents a risk to their organization.
- 78% of respondents in the financial services sector said security team turnover presents a risk to their organization.
The Implications of Security Automation
At the beginning of this post, I told you that the purpose of this research was to understand what separates the organizations that are ready for cyber-threats from those that are not. As a provider of security automation, I also want readers to understand our contribution to the solution. This Cyber Threat Readiness Report revealed that low-code security automation was in fact the common denominator for the most-prepared SecOps teams. By leveraging a low-code platform to automate highly-manual and tedious tasks to address every alert effectively, you may find yourself among the security teams already involved in the statistics below:
- More than three-quarters (78%) of organizations that handle every alert use low-code security automation in their security stack.
- 98% of participants cited the advantages of low-code security automation solutions, such as the ability to scale the implementation based on the team’s existing experience and with less reliance on coding skills.
Balancing Human Expertise and Technological Advancements
The research findings highlight the simple fact that people alone can’t solve the issues plaguing today’s cybersecurity operations teams. Today’s enterprises should be striving for a better understanding of their automation readiness and be prepared to supplement their security efforts with the optimal balance of security orchestration, automation, and response (SOAR) to empower their teams to address and excel past these pervasive challenges. The combination of human expertise and a low-code security automation platform, like Swimlane Turbine, can play a critical role.
See where you stack up by trying our first-of-its-kind Automation Readiness & Orchestrated Resources (ARMOR) Assessment, a free online resource to any organization, detailing a complimentary review and tailored report of your current security automation maturity and recommendations for up-leveling your strategies to align with industry best practices.