Cybersecurity Preparedness Gaps Remain

By Stefania Viscusi

According to the latest research from IDC and Exabeam, there is a harsh reality to face today when it comes to cybersecurity preparedness within organizations globally.

The findings are outlined in a November 2023 Exabeam report titled, "The State of Threat Detection, Investigation, and Response." The study uncovered that 57% of companies faced significant security incidents in the past year. This points to the significant need for enhanced automated threat detection, investigation, and response (TDIR) resources.

Conducted by IDC with insights from 1,155 security and IT professionals across North America, Western Europe, and the Asia Pacific and Japan (APJ) region, the research also found a notable gap between reported security measures and actual incidents.

While over half of the organizations experienced security incidents, more than 70% said they improved performance on key cybersecurity indicators in 2023 compared to the previous year. These metrics include time to detect, investigate, respond, and remediate.

The study exposed the false sense of security that is prevalent among organizations, as over 90% said they think they have good or excellent ability to detect cyber threats. The inflated confidence levels could be attributed to the continued lack of full visibility into IT environments: organizations globally report monitoring only 66% of their IT landscapes. This limited visibility leaves room for blind spots, especially in cloud environments.

The research also revealed that more than half of global organizations (53%) have automated 50% or less of their TDIR workflows. This contributes to a significant amount of time spent on TDIR processes (57%). Despite the desire for a robust TDIR platform with automated investigation and remediation capabilities, organizations are still hesitant to fully embrace automation.

“As attackers increase their pace, enterprises will have to overcome their reluctance to automate remediation, which often stems from concern over what might happen without a human approving the process,” said Michelle Abraham, Research Director for IDC's Security and Trust Group. “Organizations should embrace all the helpful expertise they can find, including automation.”

Looking to improve TDIR management areas, 36% of organizations said they need third-party assistance in managing threat detection and response. The second most identified need, at 35%, is a desire for a better understanding of normal user and entity behavior within organizations.

“While we aren’t surprised by the contradictions in the data, our study, in partnership with IDC, further opened our eyes to the fact that most security operations teams still do not have the visibility needed for overall security operations success. Despite the varied TDIR investments they have in place, they are struggling to thoroughly conduct comprehensive analysis and response activities,” said Steve Moore, Exabeam Chief Security Strategist and Co-founder of the Exabeam TEN18 cybersecurity research and insights group. “Looking at the lack of automation and inconsistencies in many TDIR workflows, it makes sense that even when security teams feel they have what they need, there is still room to improve efficiency and velocity of defense operations.”

North America had the highest rate of security incidents at 66%, closely followed by Western Europe at 65%, while the APJ region reported the lowest visibility at 62%. This lower rate could be due to incidents simply being missed and underreported.

“As organizations continue to improve their TDIR processes, their security program metrics will likely look worse before they get better. But the tools exist to put them back on the front foot,” said Moore. “Because AI-driven automation can aid in improving metrics and team morale, we’re already seeing increased demand to build even more AI-powered features. We expect the market demand for security solutions that leverage AI to continue in 2024 and beyond.”




Edited by Greg Tavarez