Cyber Warnings Ignored: 1 in 4 Firms Still Manually Investigate Alerts

In an era of increasing cyber threats, business and IT professionals are sounding the alarm: the reliance on manual alert investigation and the lack of skilled cybersecurity workers is putting businesses at risk. New research commissioned by BAE Systems shows the skills gap continues to challenge organizations both large and small as highly skilled employees prove difficult to find and retain.

In an era of escalating cyber threats, business and IT professionals are sounding a critical alarm: the deficit of skilled cybersecurity workers is putting us at risk.

New research commissioned by global defense, aerospace and security leader, BAE Systems, and conducted via Spiceworks, the leading network for IT professionals, shows the skills gap continues to challenge organizations, large and small.

The gap between the need for skilled cybersecurity employees and the qualified people available to fill these roles continues to grow.

BAE Systems’ new research shows that the skills gap is the primary challenge keeping organizations from reaching their security goals, with 50 percent of businesses identifying the lack of staff with the required security skills and expertise as the leading issue.

Almost 40 percent suggest retention and training are also factors, highlighting the difficulty of capturing best practices from experienced staff for more junior employees.

With teams stretched thin, and the number of alerts and hacking attempts increasing, some IT professionals are turning to technology to optimize and automate their security practices and reporting.

Targeted Cyber Attacks

(Cyber threats are constantly evolving – becoming more sophisticated, targeted and sustained. Hear from James Hatch, BAE Systems, Director of Cyber Services. Courtesy of The Business Debate and BAE Systems.)

Currently, over a third of mid-sized organizations surveyed (37 percent) are still investigating alerts manually, and a shocking 7 percent – as many as over 1,200 US medium-sized businesses (1) – are doing nothing with the alerts they receive.

On average, of the alerts that make it through the current security tools these organizations have in place, fewer than 20 percent are actually investigated.

“A lack of skilled cybersecurity resources is leaving essential work undone, and putting Americans at risk,” explains Colin McKinty, VP of Cyber Security Strategy with BAE Systems Applied Intelligence.

“Alerts go ignored because there are too few team members, and if even one of those alerts indicated suspicious activities that could lead to a legitimate threat of an imminent breach, the company has now lost critical time to secure its corporate and customer data, and protect its reputation.”

The IT professionals surveyed are working to address this risk.

While 43 percent of the organizations surveyed are planning to train up existing staff, and 36 percent plan to grow their team, the skills gap may make this route challenging.

Many are instead looking at bringing on new tools to optimize their security monitoring and reporting, to improve security with their existing team and help their security operations run more smoothly.

Colin McKinty, VP Cyber Security Strategy at BAE Systems Applied Intelligence

Research showed that 42 percent of IT professionals plan to buy additional tools – 54 percent reported seeking security monitoring tools that identify existing vulnerabilities and high priority incidents on the network, and the same number (54 percent) are looking to reduce the time between a breach and when the incident is reported.

When it comes to the current security tools employed by large businesses (500+ employees), the majority are happy with what they are using, with over three-quarters (78 percent) reporting they are satisfied or very satisfied with their current tools, and only 7 percent expressing dissatisfaction.

But it is a different story for mid-sized companies: almost one in five (17 percent) are dissatisfied with their current solutions.

The tools employed by smaller businesses put a significant burden on their IT teams – 37 percent of businesses with 250-499 employees are manually investigating all logs and alerts.

New BAE Systems research shows half of mid-sized businesses name lack of skilled staff as top security monitoring concern.

“Identifying cyber risks is complex and time-consuming, and every day there is the risk of missing serious attacks before they cause significant impact, compromising company information, and the larger implications and costs associated with a high-profile breach,” added McKinty.

“The future of security technology is real-time.”

“Businesses need to be confident that attacks and risks on their network are being identified as they happen, without the need for large, dedicated security teams, or time-consuming manual investigations of alerts.”

Acknowledging the challenging resourcing climate facing today’s organizations, BAE Systems is committed to reducing the workload of teams responsible for security monitoring with solutions that help identify high priority incidents that require action from the noise of too-frequent security alerts.

BAE Systems Cyber Security Services

(BAE Systems provides expert consultancy and professional services including cyber security advisory services, threat intelligence, penetration testing, incident response and incident readiness services. Courtesy of BAE Systems.)

This improved signal-to-noise ratio is a result of archiving false positives and tracking them as they evolve to eliminate sending alerts for known low-priority threats.

Intelligent technology supporting a skilled security team; a smart way to address the skills gap.

(1) Estimated figure calculated using United States Census Bureau data for number of businesses by employment size, 2008: https://www.census.gov/epcd/susb/2008/us/US–.HTM

The data comes from 600 IT decision-makers in the UK and the US, from organizations with between 250 and 9,999 employees, in a variety of commercial sectors.

The online survey was conducted in November 2017, and respondents were required to be involved in the decision-making process for security solutions at their organization, and employ security solutions that produce alerts.

Research highlights:

Skills gap continues to challenge organizations:

  • Of IT decision-makers surveyed, 50 percent say that the lack of staff with the required security skills & expertise is the most significant problem preventing them from achieving their security objectives.
  • 39 percent report difficulty capturing best practices from experienced staff for less experienced staff to follow.
  • Undeterred by the skills gap, in the next year, 43 percent plan to train up existing staff and 36 percent plan to increase the size of the team.

What IT pros are looking for in a security tool:

  • 54 percent of those surveyed are looking for a tool that minimizes the time between a breach and an incident being reported.
  • For over half of respondents (54 percent), two of their top three objectives for a security monitoring tool include “identifying existing vulnerabilities” and “identifying high priority incidents on the network”.

Satisfaction with current security tools:

  • While overall 73 percent of respondents are satisfied or very satisfied with the tool they’re currently using, mid-sized companies (250-499 employees) are much less happy: 17 percent are dissatisfied with their security tools.
  • Interestingly, 37 percent of mid-sized orgs investigate alerts and logs manually, and 7 percent do nothing proactive with the alerts they receive.
  • Over a quarter (27 percent) of respondents’ organizations investigate logs and alerts manually.
  • Of organizations whose teams do nothing proactive with logs & alerts, 25 percent are dissatisfied with their current security monitoring.

BAE Systems Applied Intelligence helps nations, governments and businesses around the world defend themselves against cybercrime, reduce their risk in the connected world, comply with regulation, and transform their operations.

They do this using their unique set of solutions, systems, experience and processes – often collecting and analyzing huge volumes of data.

These, combined with their Cyber Special forces – some of the most skilled people in the world – enable BAE Systems Applied Intelligence to defend against cyber-attacks, fraud and financial crime, enable intelligence-led policing and solve complex data problems.