State of SecOps: Thailand Braces Against Phishing, Ransomware Surge and Alert Fatigue, Urging Swift Adoption of AI and Automation for Security Operations
Dec 19, 2023/Bangkok: Fortinet®, the global cybersecurity leader driving the convergence of networking and security, has revealed the outcomes of a new survey conducted by IDC on the state of Security Operations (SecOps) in the Asia-Pacific region. The survey, commissioned by Fortinet, provides valuable insights into the current SecOps landscape, emphasizing the role of Artificial Intelligence (AI) and automation. It explores various aspects, including prevalent security practices, attack frequency and impact, detection and response times, alert fatigue, the status and impact of automation in SecOps workflows, and challenges related to skill development within the SecOps domain. Key findings from the Thailand survey include:
Current Security Challenges: Threats and Team Readiness
· Most Common Cyber Threats: Phishing and identity theft are the predominant cyber threats in Thailand, with approximately 50% of organizations ranking them as their top concern. The top five threats include phishing, identity theft, ransomware, unpatched vulnerabilities, and IoT-based attacks, with the threat landscape varying by country.
· Ransomware Surge: Ransomware incidents have doubled across Thailand, with 56% of organizations reporting at least a 2X increase in 2023 compared to 2022. Phishing and malware are the primary attack vectors. Other significant vectors include social engineering attacks, insider threats, and zero-day exploits.
· Insider Threats and Remote Work: 80% of respondents feel that remote work has led to an increase in insider threat incidents. Insufficient training, lack of employee care, and inadequate communication contribute to this surge, emphasizing the need to address human factors in cybersecurity.
· Resourcing IT Security Teams: Just 50% of businesses across Asia have dedicated IT resources for security teams. This augments the challenges faced by organizations in strengthening their security measures.
· Impact of Emerging Technologies: Hybrid work, AI, and IT/OT system convergence pose significant challenges. Cloud technology adoption emerges as a primary challenge, impacting organizational vulnerability to cyber threats.
SecOps SOS: Struggles with Alert Fatigue and Threat Containment
· Threat Containment and Preparedness: Approximately half (52%) of the surveyed organizations express concerns about being underequipped for threat containment. This dissatisfaction highlights the critical need for enhancing cybersecurity capabilities to effectively counter evolving cyber threats. Alarmingly, three out of four organizations do not conduct regular risk assessments, exacerbating the challenge of timely threat detection.
· Alert Fatigue: More than 50% of surveyed enterprises experience an average of 221 incidents per day, and 2 out of 5 enterprises grapple with over 500 incidents daily, leading to alert fatigue. The top two alerts faced are malware or virus detections and account lockouts, highlighting the imperative for targeted awareness training. Additionally, suspicious emails (phishing), suspicious user behaviour and multiple failed login attempts contribute to alert fatigue.
· Workload and Time Constraints: On average, there is only one SecOps professional for every 219 employees, each of whom manages about 35 alerts daily. This workload places significant pressure on cybersecurity professionals, allowing them approximately 14 minutes to address each alert within an 8-hour workday. The time constraint underscores the necessity for efficient processes, automation, and prioritization to effectively manage the workload.
· False Positives and Response Time: The challenge of false positives persists, with 60% of respondents noting that at least 25% of the alerts they receive are false positives, with email security alerts/phishing, traffic spike alerts and user account lockout alerts being the top contributors.
· Skills Development: 98% of respondents find it challenging to keep their team's skills updated with the rapidly changing threat landscape. Survey respondents prioritize the ability to automate (62%) as a key skill for Security Operations Centre (SOC) teams, highlighting the growing importance of automation in cybersecurity. This, along with the ability to multi-task and critical thinking, underscores the evolving skill set needed in the face of dynamic cyber threats.
Automation in SecOps: Current Adoption and Future Possibilities
· High Adoption and Untapped Potential: A significant majority (96%) of organizations have embraced automation and orchestration tools in their security operations, underscoring the widespread recognition of their value in fortifying cybersecurity strategies. Despite the prevalent adoption of automation tools, the survey suggests that organizations have yet to fully harness the complete potential of these technologies. Opportunities for improvement are identified in areas such as streamlining response triage, incident containment, remediation, recovery, and threat containment.
· Productivity Gains: Notably, around 93% of respondents have experienced significant productivity gains, with at least a 25% improvement in incident detection times attributed to automation.
· Future Plans and Focus Areas for Optimization: Organizations are actively pursuing the optimization of automation processes to establish a more streamlined cybersecurity framework. Looking ahead, 100% of organizations across Asia-Pacific express their intent to implement automation and orchestration tools within the next 12 months. Strategically, organizations are focusing on leveraging automation tools to streamline response triage, accelerate incident containment, and minimize recovery time.
Beyond Threats: SecOps Preparedness and Future Priorities
· Faster Threat Detection and Response Takes Centre Stage: Organizations recognize the pivotal role of automation in enabling rapid and efficient detection and response to cyber threats, reflecting a proactive approach to bolstering their security resilience. Survey results highlight that 70.7% of organizations across Asia-Pacific prioritized faster threat detection, while 58.5% seek to increase overall threat detection capabilities through automation.
· Holistic Automation for Enhanced Security Operations: Over 50% of respondents say that the top areas for automation include maximizing visibility, automated responses, and threat intelligence, and optimizing the operational efficiency of existing security resources and intelligence. The emphasis on holistic automation signifies a comprehensive approach to security operations, incorporating intelligence optimization and automated responses. This approach aims to improve overall efficiency, visibility, and intelligence utilization amidst dynamic cybersecurity challenges.
· Future Security Operations Priorities: Organizations are gearing up to prioritize security operations investments in the next 12 months. The top five priorities include boosting network and endpoint security, empowering staff cyber awareness, elevating threat hunting and response, updating critical systems, and performing security audits. These priorities align with the evolving threat landscape and underscore the strategic focus on comprehensive cybersecurity measures.
Supporting Quotes:
Simon Piff, Research Vice-President, IDC Asia-Pacific: “Securing modern IT infrastructures requires a continuous commitment to vigilance, proactivity, and adaptability amid challenges posed by hybrid work, AI, and cloud technologies. This dynamic shift from static controls to a risk-centric cybersecurity posture aligns seamlessly with the evolving technological landscape. The integration of AI-assisted tools, reassessment of staffing, potential outsourcing, and increased automation emerge as imperative facets highlighted by the survey, emphasizing the urgency for organizations to embrace automation strategically.”
Pakthapa Chatkomes, Country Manager, Fortinet Thailand: “In the ever-evolving cybersecurity landscape, 70.7% of organizations prioritize faster threat detection through automation. At Fortinet, we recognize the imperative of swift detection and response as the cornerstone of an enhanced cybersecurity posture. Automation plays a crucial role in promptly identifying and responding to cyber threats, minimizing the window of vulnerability. Our customers' experiences underscore this urgency, with a transformative reduction from an average of 21 days to just one hour for detection, driven by AI and advanced analytics. This signifies a fundamental step in fortifying cybersecurity defences, where time to detect and respond is paramount. Automation, in this context, emerges as the linchpin in navigating the challenges of today's dynamic threat landscape.”
Dr. Rattipong Putthacharoen, Senior Manager, Systems Engineering, Fortinet Thailand: “In the ever-evolving threat landscape, organizations grapple with a spectrum of cyber threats targeting their digital assets. Fortinet's Security Operations Solutions, underpinned by advanced AI, not only address the pressing need for automation but provide a comprehensive strategy for incident detection and response. Our commitment to empowering organizations in navigating the dynamic cybersecurity terrain is showcased through innovative solutions. These include an impressive one-hour (less in most cases) average time to detect and contain threats, an 11-minute investigation and remediation average, a staggering 597% ROI, doubling of team productivity and a substantial $1.39 million reduction in expected breach costs.”
About the IDC Survey
IDC conducted a survey with 550 IT leaders who make or influence security decisions for their organizations. Conducted between October and November 2023, the Asia-Pacific survey looked at organizations with a global headcount of 250–5,000+ employees. The study covers 11 markets: Australia, Hong Kong, India, Indonesia, Malaysia, New Zealand, Singapore, South Korea, Thailand, the Philippines, and Vietnam. The findings are published in an IDC Executive Summary, sponsored by Fortinet, "State of SecOps: Asia-Pacific Braces Against Phishing, Ransomware Surge and Alert Fatigue, Urging Swift Adoption of AI and Automation for Security Operations", doc #AP72351X, December 2023.
About Fortinet:
Fortinet is a driving force in the evolution of cybersecurity and the convergence of networking and security. Our mission is to secure people, devices, and data everywhere, and today we deliver cybersecurity everywhere you need it with the largest integrated portfolio of over 50 enterprise-grade products. Well over half a million customers trust Fortinet's solutions, which are among the most deployed, most patented, and most validated in the industry. The Fortinet Training Institute, one of the largest and broadest training programs in the industry, is dedicated to making cybersecurity training and new career opportunities available to everyone. FortiGuard Labs, Fortinet's elite threat intelligence and research organization, develops and utilizes leading-edge machine learning and AI technologies to provide customers with timely and consistently top-rated protection and actionable threat intelligence. Learn more at https://www.fortinet.com, the Fortinet Blog, and FortiGuard Labs.