What’s changed in cyber security since 2013? Not as much as you might think. A new joint survey between FireEye and Information Security Media Group shows that some things are improving in the fight against threat actors – and that many changes still need to be made. One example: we’re gaining ground with increased cyber security spending but on the flip side, we still don’t have enough security staff to deal with incident detection and response.
Overall, it’s clear there is a shortage of resources. When we posed the question about the top three challenges that would prevent companies from being able to respond to an incident, lack of skill/personnel was the top answer, followed closely by a lack of tools and the inability to detect intrusions fast enough.
Organizations indicated they need more threat intelligence; they need to be able to respond as quickly as they detect; and that more skills are needed to keep pace with attackers – whether those are in-house or blended with outsourced resources.
A few other numbers to note:
- 51% don’t have a breach response plan that’s been updated and tested in the past year
- 56% rate the value of their current threat intelligence at average or below
- 67% rate the maturity of their in-house breach response skills compared to those of threat actors targeting them as average or below
- 61% know they’ve been targeted in the past year; 21% say they don’t know whether they’ve been targeted
- Nearly ¼ say they’re targeted daily, and yet 32% conduct compromise assessments only once a year
Much has changed in the last three years, with an increase in awareness and plenty of positive efforts to protect against threat actors. But despite the almost-daily headlines about breaches in every industry and vertical, more than 10 percent of those who responded to this survey don’t have a formal breach response plan.
In 2016, 98% expect their security budget will stay the same or increase, with a particular focus on endpoint and forensics tools. Those, in particular, will improve how quickly an attack is identified and how quickly it can be responded to – and help us to make progress in the fight against cyber attackers.