Staffing Woes Hamper Incident Response Teams
Training and turnover make it difficult to keep experienced security staff.
A new security study concludes that businesses are understaffed and ill-prepared to evaluate and manage cyber risks.
Demisto has unveiled its report, “The State of Incident Response 2017,” which shows how incident response teams investigate potential cyberattacks.
The results of the 200-plus respondents are not particularly encouraging. IT departments face a high volume of incidents – 350 per week on average – but 40 percent of organizations say they are not able to measure incident response. Even Verizon notably was slow in responding to a potential data breach last month.
One of the underlying factors for the lack of preparedness is staffing. Approximately four in 10 (40 percent) respondents say they have more incidents than their staff can handle. The vast majority of respondents (90 percent) say they struggle to find skilled security staff. Moreover, it takes an average of nine months to properly train new hires. All of that combines with significant turnover; one-third of security staff leave within three years.
“One goal for this unique study was to gain better insights into how to address future threats by determining today’s major pain points for organizations,” said Rishi Bhargava, Demisto vice president of marketing. “Incident response must continue to evolve to meet current and emerging threats. The key to effective incident response is having the right combination of people, technology and processes. However, this study revealed that many organizations are far from having this right combination.”
About half (54 percent) of the respondents say their two main priorities are security operations and incident response. Demisto says security teams need solutions that combine incident management, security orchestration and “collaborative investigation.”
“To ensure that the time of experienced and skilled analysts is effectively utilized and that their knowledge and experience don’t walk out the door with them, organizations need the ability to perform collaborative, interactive investigations to scale the incident-response function effectively within a security operations center,” the report said.
The study found that most companies do incident response in-house; 41 percent is fully in-house, while 42 percent is in-house with the help of consultants. Only one in 100 (1 percent) companies fully outsourced their security operations, while 15 percent partially outsourced.
“Outsourcing can be a viable option for many companies. Vendors specializing in cybersecurity recruit trained analysts with top-notch skills,” the report said. “They can often deliver results faster than in-house analysts and are typically more up-to-date on threats lurking in cyberspace. However, an organization may not be able to have ’round-the-clock access to analyses or data, and self-service functions may be limited.”
You can access the report on Demisto’s website. Demisto provides security automation and launched a channel program last month.