As we look back on a succession of headlines about data breaches and security lapses at some of the world’s largest companies, we find a consistent theme. Attackers have continued to improve their techniques, requiring companies to compensate and raise the bar on cybersecurity. However, several gaps remain that CSOs should address to stay out of the headlines in the future.
1. Information overload
The average company is adept at storing security information but much less proficient at using it. Security teams collect so much telemetry that many struggle to separate the signal from the noise, and the problem only grows with the scale and reach of today’s companies.
Some SecOps teams suffer from false positive fatigue. It is a common ailment resulting from repeated instances where security alerts turn out to be a false alarm. False positive fatigue dulls the senses and makes teams less likely to respond with vigilance when receiving real alerts.
Companies in this condition have seen success by triaging security information before it reaches an analyst. Modern security software can do a lot to reduce false positives with baselines, thresholds, and heuristics. Such systems are only as good as the data they are built on, but today’s systems can draw on significant historical and current operational data to make better decisions. Reducing false positives this way, by modelling what is normal for each asset rather than simply raising a blanket threshold, usually reduces false negatives as well, because the alerts that remain are ones an analyst will actually investigate. Such software ultimately minimizes the strain on SecOps teams, allowing them to perform at their best.
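The difference between a blanket threshold and a per-asset baseline is easiest to see on data. The following is an added example, not code from the original post or from any Microsoft product: it counts failed logins per host from constructed, sshd-style log lines (hypothetical hostnames and addresses), then compares a fixed "more than 20 per hour" rule against a rule that scores each host against its own recent history. The history, the floor of 10 failures and the z-score limit of 3 are assumptions chosen for illustration.

```python
"""Baseline-aware alert triage over constructed auth-log lines (added example).

A blanket rule such as "alert on more than 20 failed logins per hour" fires on
every chronically noisy host and never fires on a quiet host that suddenly
produces 14 failures. A per-host baseline learnt from history does better on both.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed history: hourly failed-login counts per host over eight past hours.
# Hostnames are hypothetical.
HISTORY = {
    "build-runner-01": [31, 28, 35, 30, 33, 29, 34, 32],  # CI box, always noisy
    "hr-laptop-17": [0, 1, 0, 0, 2, 0, 1, 0],             # quiet user laptop
    "db-primary": [2, 3, 1, 2, 2, 4, 3, 2],
}

# Constructed log lines for the current hour, in a simplified sshd-like format.
CURRENT_HOUR = (
    ["2024-05-01T10:00:12 build-runner-01 sshd: Failed password for ci from 10.0.4.9"] * 33
    + ["2024-05-01T10:02:48 hr-laptop-17 sshd: Failed password for jdoe from 10.0.7.22"] * 14
    + ["2024-05-01T10:05:01 db-primary sshd: Failed password for postgres from 10.0.9.3"] * 3
)

STATIC_THRESHOLD = 20  # the naive rule: alert on more than 20 failures per hour
MIN_FLOOR = 10         # heuristic: never alert on fewer than this many failures
Z_LIMIT = 3.0          # alert at this many standard deviations above the host's baseline


def count_failures(lines):
    """Count 'Failed password' events per host; the host is the second field."""
    counts = defaultdict(int)
    for line in lines:
        parts = line.split()
        if len(parts) >= 2 and "Failed password" in line:
            counts[parts[1]] += 1
    return dict(counts)


def static_alerts(counts, threshold=STATIC_THRESHOLD):
    """The blanket rule: returns the hosts over the fixed threshold."""
    return sorted(host for host, c in counts.items() if c > threshold)


def baseline_alerts(counts, history=HISTORY, z_limit=Z_LIMIT, floor=MIN_FLOOR):
    """Return {host: z-score} for hosts far above their own baseline and above the floor.

    The floor stops a host whose history is almost all zeros from alerting on a
    handful of failures, and the minimum sigma of 1.0 avoids dividing by ~0.
    Hosts with no history fall back to the blanket rule rather than stay silent.
    """
    alerts = {}
    for host, current in counts.items():
        past = history.get(host)
        if not past:
            if current > STATIC_THRESHOLD:
                alerts[host] = float("inf")
            continue
        mu = mean(past)
        sigma = max(pstdev(past), 1.0)
        z = (current - mu) / sigma
        if current >= floor and z >= z_limit:
            alerts[host] = round(z, 2)
    return alerts


if __name__ == "__main__":
    counts = count_failures(CURRENT_HOUR)
    print("per-host failures:", counts)
    print("static rule alerts on:", static_alerts(counts))      # the noisy CI host only
    print("baseline rule alerts on:", baseline_alerts(counts))  # the quiet laptop that jumped
```

On this input the static rule produces one false positive (the CI runner, which is always around 30 failures an hour) and one false negative (the laptop, whose 14 failures never cross 20), while the baseline rule flags only the laptop. The floor and the minimum sigma are the kind of heuristic the paragraph refers to: without them, a host whose history is all zeros would alert on a single failure.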
2. Insufficient integration
Another problem is the insufficient integration between security systems and systems management tools. Companies still struggle to transform independent silos of security information into a cohesive set of integrated systems that share security insights and metrics. It is not enough to deploy security systems if they do not work together. Companies must also combat their technology sprawl, consisting of various on-premises and cloud systems. In such a complex environment, it is easy for valuable information to fall through the cracks, and a signal that would be damning alongside another is ignored when each tool sees only its own slice. This is one reason attackers persist undetected on networks for so long: currently, attackers remain on a network for a median of 146 days before they are identified (the dwell time reported in FireEye’s M-Trends 2016).
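What "working together" means in practice is that alerts from different tools can be joined on a shared entity. The following is an added example, not code from the original post or from any vendor: it takes constructed alerts from a hypothetical EDR product and a hypothetical identity provider, each in its own field names, normalises them to one schema, and joins them on the device within a 30-minute window. The schemas, hostnames, user names and the window size are all assumptions made for illustration.

```python
"""Joining two alert silos into one incident (added example, constructed data).

An EDR product and an identity provider each emit a low-to-medium alert in its
own schema. Viewed in isolation neither is escalated; normalised to one schema
and joined on the shared device within a time window they form one incident.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed EDR alerts in a hypothetical vendor schema.
EDR_ALERTS = [
    {"ts": "2024-05-01T09:58:03Z", "hostname": "fin-ws-042",
     "detection": "credential dumping tool executed", "sev": "medium"},
    {"ts": "2024-05-01T11:20:00Z", "hostname": "dev-ws-007",
     "detection": "unsigned driver loaded", "sev": "low"},
]
# Constructed identity-provider risk events in a different hypothetical schema.
IDP_EVENTS = [
    {"time": "2024-05-01T10:04:41Z", "user": "a.ng", "device": "FIN-WS-042",
     "signal": "impossible travel sign-in", "risk": "low"},
    {"time": "2024-05-01T14:30:00Z", "user": "b.ortiz", "device": "HR-WS-013",
     "signal": "impossible travel sign-in", "risk": "low"},
]


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def normalize(edr_alerts, idp_events):
    """Map both silos onto one schema: time, source, host, user, summary.

    Host names are upper-cased so 'fin-ws-042' and 'FIN-WS-042' join.
    """
    events = []
    for a in edr_alerts:
        events.append({"time": parse_ts(a["ts"]), "source": "edr",
                       "host": a["hostname"].upper(), "user": None,
                       "summary": a["detection"]})
    for e in idp_events:
        events.append({"time": parse_ts(e["time"]), "source": "idp",
                       "host": e["device"].upper(), "user": e["user"],
                       "summary": e["signal"]})
    return sorted(events, key=lambda e: e["time"])


def correlate(events, window=timedelta(minutes=30)):
    """Group events by host; emit one incident per host whose events span
    at least two distinct sources inside the window."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)

    incidents = []
    for host, evs in by_host.items():
        # evs preserves the time order of the normalised list, so a forward
        # window from each anchor is enough.
        for anchor in evs:
            cluster = [x for x in evs
                       if timedelta(0) <= x["time"] - anchor["time"] <= window]
            sources = sorted({x["source"] for x in cluster})
            if len(sources) >= 2:
                incidents.append({
                    "host": host,
                    "sources": sources,
                    "users": sorted({x["user"] for x in cluster if x["user"]}),
                    "first_seen": cluster[0]["time"].isoformat(),
                    "summaries": [x["summary"] for x in cluster],
                })
                break  # one incident per host is enough here
    return incidents


if __name__ == "__main__":
    for incident in correlate(normalize(EDR_ALERTS, IDP_EVENTS)):
        print(incident)
```

Neither input alone would be escalated: the EDR detection is medium, the sign-in anomaly is low. Joined on FIN-WS-042 they become one incident that names the workstation, the user and both signals, which is the kind of cross-tool view the paragraph argues most companies still lack. The two single-source events on the other workstations are left alone, so the join does not itself become a new source of noise.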