IT professionals feel ill-prepared for emerging threats
A recent survey commissioned by the Cloud Security Alliance (CSA) and Dazz reveals that a significant majority of IT and security professionals, approximately 77 percent, feel inadequately equipped to deal with emerging security threats. More than 2,000 respondents participated in the study, expressing insights about the challenges and necessary improvements in their organisations' remediation operations practices.
The findings have accentuated the critical need for unified visibility across code-to-cloud environments to effectively mitigate risks. Hillary Baron, the report's lead author and Senior Technical Director for Research at the Cloud Security Alliance, highlighted that the number of security tools an organisation has isn't as important as their efficiency and ability to reduce vulnerabilities. Baron noted that "As cybersecurity threats evolve, organisations must adapt by seeking better visibility into their code-to-cloud environment, identifying ways to accelerate remediation, strengthening organisational collaboration, and streamlining processes to counter risks effectively."
Several crucial areas of concern emerged from the study. Notably, there is significant apprehension about how frequently vulnerabilities occur in code and their tendency to resurface, which points to a pattern of expedient solutions rather than sustainable, long-term strategies. A substantial 38% of respondents estimated that between 21% and 40% of their code contains vulnerabilities, and over half of the addressed vulnerabilities were found to reappear within a month of the remediation process.
The survey also found that most organisations grapple with maintaining visibility in their cloud environments. Only 23% of organisations reported complete visibility, with a surprising 77% experiencing sub-par transparency. This suggests that the inherent complexity of these environments poses substantial challenges, especially when integrating advanced architectures like containers and serverless.
Duplicate alerts and false positives were identified as significant concerns, being a problem for 63% and 60% of companies respectively. This underlines the disadvantages of an excessive volume of data bombarding security teams, leading to 'alert fatigue', prioritisation struggles and, eventually, slower incident response.
An expansion in security tooling is proving to create more complexity within organisations, with 61% of organisations operating between three and six different detection tools. Furthermore, 45% were planning to increase their security tooling budget in the coming year, potentially introducing more tools to the landscape.
The study emphasises considerable room for improvement in the remediation process. Seventy-five percent of organisations revealed their security teams spent upwards of 20% of their time performing manual tasks when addressing security alerts, even though 83% claimed to utilise at least some automation in their remediation process.
Delays in responding to vulnerabilities were also highlighted, with 18% taking more than four days to address critical vulnerabilities and 3% exceeding two weeks. These slow responses could expose companies to prolonged risk periods and increase their vulnerability to breaches. The findings serve as a stark reminder to organisations of the importance of effective remediation operations practices to counter evolving security threats.