Incident response is the part of security that organizations may wish they never had to think about, as it only comes into play after an incident has happened.
However, a survey of CISOs and security technicians showed that the problem may be technical and not just managerial.
In a survey of 1,083 professionals in the U.S. and the EMEA, researchers at the Ponemon Institute found that 85 percent said incident response is hurt by the inability of point solutions to prioritize alerts as they come in. In addition, 74 percent said poor to no integration between security products negatively impacts response capabilities.
This study, sponsored by AccessData, comes on the heels of another study from the Ponemon Institute released earlier this year that found that incident response represents less than 10 percent of the security budgets of half of those surveyed. Additionally, 80 percent said they don’t frequently communicate with executive management about potential cyber-attacks against their organizations.
This lack of communication may exacerbate a lack of trust. In the most recent survey, 65 percent of respondents said that when a CEO and board of directors ask a security team for a briefing immediately following an incident, the briefing would be purposefully modified or watered down. Seventy-eight percent believe most CISOs would make a “best effort guess” based on limited information, take action prematurely, and report the problem resolved when that was actually not the case.
Sixty-one percent said an overwhelming number of alerts is paralyzing efforts, and 86 percent said detection of cyber attacks takes too long. While 66 percent believe finding the root cause of prior incidents helps strengthen defenses, 38 percent say it could take a year and 41 percent say they would never be able to identify the root cause with certainty.
“CISOs are clearly saying their disparate tool sets are not keeping up with the threats they face,” said Craig Carpenter, chief cybersecurity strategist at AccessData, in a statement. “What they need is an incident resolution platform that doesn’t just integrate alerts from myriad point solutions, but makes intelligence actionable and automates significant portions of the IR process, allowing them to focus on the most pressing incidents.”