What works in protecting an enterprise is a matter of debate in an era when the proper way for a CISO to plan strategy is to assume defences will be breached by any combination of advanced threats, zero-day threats and well-funded attackers.
So infosec leaders may be interested in the results of a vendor survey of 300 chief information security officers in six countries, a small group of whom think they’ve got the right formula.
Eleven per cent – or 33 – of respondents rate themselves rather well, believing their organizations were highly effective at stopping a range of attacks. These include breach of customers’ and employee personal information, insider threats, distributed denial of service (DDoS) attacks, breach of customer credit card or financial information, as well as the ability to monitor data and activity over time to identify vulnerabilities.
The survey, paid for by cloud IT management services provider ServiceNow, doesn’t detail all of the data gathered by the study. But it concluded from the answers to some questions that this group of respondents shared many characteristics, saying they
– have increased automation of security functions;
– have tight integration with other functions across the enterprise, especially IT;
– agree that strong relationships between IT and security are important to the success of their security function;
– rate the prioritization of security alerts in the larger context of the business as critical to the success of their security function;
– see security as a core strategic goal for their company.
Assuming this group of CISOs is right in its confidence in its strategies, and the characteristics detected by the report’s authors are a significant factor, they may form a basis for other infosec leaders to learn from.
On the other hand, the survey data released show the majority of respondents are not confident at all in their abilities. Just 56 per cent of respondents said they are highly effective at protecting against customer-information breaches, and just 51 per cent are highly effective at preventing DDoS attacks.
Overall only 19 per cent of CISOs said their organization is highly effective at preventing breaches. Just over one in ten reported suffering a significant security breach causing reputational or financial damage in the past three years.
Interestingly, 47 per cent of respondents agreed that insufficient quality and amount of data were either a substantial or complete barrier to their security function’s ability to protect against, detect and respond to security issues.
With more CISOs recognizing that automating security functions is vital to keep on top of threats and alerts kicked off from sensors, just one-third of respondents said they currently automate more than 40 per cent of their security processes.
However, two-thirds said they will automate 40 per cent or more of their security tasks in three years.
In order, their priorities for automation are threat intelligence, aggregation of alerts or incidents from multiple security tools into a single system, prioritizing incidents based on business criticality, trend reporting and contextualizing and identifying the business criticality of threats.
(By comparison, the leading tasks being automated today are prioritizing incidents based on business criticality and aggregating incident reporting.)
As a provider of automation capability, ServiceNow has an interest in the topic. But the report also notes that “no matter how many tasks are done by machines, automation must be combined with process changes and effective talent strategies to deliver its full value. The quality and quantity of the data available is critical, too.”