Security and analytics

A new study points to a lack of skills and dedicated resources as major obstacles to detecting and mitigating security breaches and other threats.

59% of respondents cite a lack of skills and dedicated resources as the main obstacles to detecting and acting on cyber-security incidents and breaches. This is up from 30% in 2014.

41% are not satisfied with the availability of training and expertise needed to operate analytics and intelligence programs. This dropped from 48% in 2014.

In 2015, 67% were able to detect an attack in one week or less, versus only 50% in 2014. Yet 7% said their longest time to detection was more than 10 months, up from 5% in 2014.

83% said visibility into cyber-incidents improved with more effective intelligence programs that leverage analytics capabilities.

43% of organizations are working to increase visibility by integrating data from external threat providers, and 31% are planning to do so in the future.

35% cite a lack of centralized reporting and remediation controls as a barrier to identifying cyber-security incidents.

Only 3% of organizations think their analytics and intelligence processes for pattern recognition are fully automated, down from 9% in 2014. Another 6% report a “highly automated” intelligence and analytics environment, down from nearly 16% in 2014.

26% of respondents can’t understand and baseline “normal” cyber-security behavior. This dropped from 36% in 2014.

About 44% currently collect advanced threat intelligence information internally and save it for future detection activities; 43% use external third parties to collect advanced threat information for detection and response.

43% said they plan to make future investments in threat intelligence products and services, up from 25% in 2014. Similarly, 34% plan to use big data and analytics products, up from 21% in 2014.