Blog Post

Dark Reading Spotlights Critical Incident Response Gaps

Incident response (IR), the process of managing security compromises, has come a long way in the past few years and is just now rising to a level of importance in the security community that was previously reserved for perimeter systems and prevention measures.

Today, more than three-quarters of organizations have at least one staffer dedicated specifically to IR, and an additional 1 in 10 have more than 25 dedicated responders. However, while the proportion of resources devoted to prevention vs. IR differs widely between businesses, most are still allocating more resources to perimeter defense than to IR. This is perhaps justified considering that 47% of respondents state that less than 5% of the incidents they investigate result in any negative impact to the business. Or, in other words, the source of incidents (i.e. detection solutions) are still rife with false positives.

These are just a few of the statistics uncovered in Dark Reading’s 2019 Incident Response Survey, sponsored by Awake. Speaking with 150 IT and cybersecurity professionals, the report finds that there’s widespread concern about the rising number of enterprise attacks – particularly those targeting intellectual property, proprietary business information, and customer and employee data. This has prompted most organizations to implement IT tools and processes, but there are still critical gaps that may be holding security teams back.

Most concerning in Dark Reading’s findings was an unnervingly high number of organizations that have not implemented IR measures. Causes for this oversight ran the gamut from a lack of management support for IR efforts (only 37% of respondents felt their management understood and recognized the importance of incident response for enterprise security) to security teams that are just not enabled with the right tools and processes. For instance, only 18% of organizations rate the SIEM as useful for effective IR—that is a shocking statistic and may indicate buyer remorse considering this use case is often thought of as a primary for SIEM deployments. In fact, “Analyzing system, network, and applications logs to identify anomalous behavior/activity” was rated as the most challenging task in the IR process. At Awake, we agree that network traffic analysis could certainly be made easier and more accessible to a broader audience.

When it comes to attacks, phishing, malware, and targeted attacks have stayed steady at the top of pros’ list of security concerns and causes for alerts. However, this focus doesn’t seem to be helping as much as one might hope. Enterprises reported more and more costly data breaches last year than in almost any previous year. What that tells us for certain—and something that experts agree on— is that IR is a critical component of effective threat detection, response, and mitigation.

If you’d like to learn more about the state of incident response and how these processes are impacting businesses today, you can download the full Dark Reading report here.

Download Report