Fortinet, the global cybersecurity leader advancing the convergence of networking and security, has released the results of a recent IDC poll on the state of Security Operations (SecOps) in the Asia-Pacific region. The poll, conducted on behalf of Fortinet, offers insight into the state of SecOps today and emphasizes the need for automation and artificial intelligence (AI). It covers a range of topics, including common security practices, the frequency and impact of attacks, detection and response times, alert fatigue, the state and effect of automation in SecOps workflows, and the difficulty of developing skills in the SecOps field. Key findings for India include:
Current Security Challenges: Threats and Team Readiness
Most common cyber threats: The most common cyber threats in India are phishing and insider threats, ranked as the top concerns by about 50% of organizations. The top five threats are phishing, ransomware, insider threats, unpatched vulnerabilities, and identity theft.
Ransomware Epidemic: Ransomware incidents in India have risen, with 70% of organizations reporting at least a 2-fold increase in 2023 over 2022. Malware and phishing are the main ways attacks are launched. Insider threats, zero-day exploits, and social engineering attacks are other significant vectors.
Insider Threats and Remote Work: According to 88% of respondents, insider threat incidents have risen as a result of remote work. This increase is attributed to poor employee care, inadequate communication, and inadequate training, underscoring the need to address the human element in cybersecurity.
IT Security Team Resources: Just 44% of companies allocate dedicated IT resources to security teams, which makes it harder for organizations to strengthen their security controls.
Impact of Emerging Technologies: AI, IT/OT system convergence, and hybrid work present serious challenges. Cloud adoption stands out as a major barrier, affecting an organization's susceptibility to cyberattacks.
SecOps SOS: Battling Alert Fatigue and Threat Containment
Threat Containment and Preparedness: About one in three organizations polled expressed concern about lacking adequate tools for threat containment. This discontent underscores how urgently cybersecurity capabilities must be improved to counter growing cyber threats. Notably, three out of four organizations do not regularly perform risk assessments, which makes timely threat identification more difficult.
Alert Fatigue: Two in five organizations surveyed deal with more than 500 incidents a day, and over 50% of them see an average of 221 incidents each day. Suspicious emails (phishing) and repeated failed login attempts are the two most common alerts received, underscoring the need for focused phishing awareness training. Alert fatigue is further exacerbated by malware or virus detections, suspicious user behavior, and anomalous network activity.
Workload and Time Constraints: There are typically 214 employees per SecOps professional, and each professional handles approximately 48 alerts a day on average. This workload puts cybersecurity professionals under significant pressure: in an eight-hour workday, they can spend around ten minutes on each alert. This time constraint highlights the need for streamlined procedures, automation, and prioritization to handle the workload efficiently.
False Positives and Response Time: False positives remain a problem; according to 74% of respondents, at least 25% of the alerts they receive are false positives. The most common sources of false positives are phishing and email security alerts, traffic spikes, user account lockouts, and cloud security alerts. Automation is needed, since 82% of teams take more than 15 minutes to validate an alert.
Skills Development: Given how quickly threats evolve, 88% of respondents say it is difficult to keep their team's skills up to date. Survey participants rank automation capability highest (62%) as a critical competency for Security Operations Center (SOC) teams, underscoring automation's growing significance in cybersecurity. Alongside multitasking, critical thinking, and the appropriate set of certifications, this highlights the changing skill set required in the face of dynamic cyber threats.
Automation in Security Operations: Present Use and Prospects
High Adoption and Untapped Potential: All surveyed organizations use automation and orchestration tools in their security operations, reflecting a general understanding of their importance in strengthening cybersecurity strategy. The poll indicates that although automation tools are widely used, organizations may not have fully exploited their potential. There is room for improvement in areas such as incident containment, threat containment, remediation, recovery, and streamlining response triage.
Productivity Gains: Remarkably, approximately 96% of participants reported notable productivity gains, crediting automation with at least a 25% improvement in incident detection times.
Future Plans and Optimization Focus Areas: To build a more efficient cybersecurity framework, organizations are actively seeking to optimize automated processes. Looking ahead, a notable proportion of Asia-Pacific organizations (60%) state their intention to deploy automation and orchestration solutions in the coming year. Organizations are strategically focusing on using automation solutions to speed up incident containment, simplify response triage, and shorten recovery times.
Beyond Threats: SecOps Readiness and Upcoming Objectives
Prioritizing Faster Threat Detection and Response: Organizations are taking a proactive stance to strengthen their security resilience, recognizing the critical role automation plays in enabling fast and effective cyber threat identification and response. According to the survey data, 58.5% of respondents want to improve overall threat detection capabilities through automation, while 70.7% prioritize faster threat detection.
Holistic Automation for Enhanced Security Operations: More than half of the respondents identify threat intelligence, automated responses, and maximizing visibility as the most important areas for automation. They also aim to optimize the operational efficiency of existing security resources and intelligence. The focus on holistic automation denotes an all-encompassing strategy for security operations that includes automated responses and intelligence optimization. This strategy seeks to increase overall effectiveness, visibility, and intelligence utilization in the face of changing cybersecurity threats.
Future Security Operations Priorities: In the coming year, organizations are preparing to give security operations investments top priority. The top five goals are increasing network and endpoint security, strengthening staff cyber awareness, stepping up threat hunting and response, upgrading critical systems, and carrying out security audits. These goals emphasize the strategic focus on comprehensive cybersecurity measures and are in line with the evolving threat landscape.