The lack of incident detection and investigation puts companies and their CISOs’ jobs at significant risk, according to the Ponemon Institute.
In a recent survey sponsored by AccessData and which covered 1,083 CISOs, “startling” findings show that when a CEO and board of directors asks a security team for a briefing immediately following an incident, 65% of respondents believe that the briefing would be purposefully modified, filtered or watered down.
In addition, 78% of those polled believe that most CISOs would make a “best effort guess” based on limited information, and that they would take action prematurely and report that the problem had been resolved without this actually being the case.
The institute reported that this alarming disconnect results from several critical shortcomings in the current point solution approach to cybersecurity and incident response (IR).
First is a lack of timely compromise detection, with 86% of respondents saying detection of a cyber-attack takes too long.
Second is the inability of point solutions to prioritize alerts as they come in, with 85% saying they suffer from a lack of prioritization of incidents.
Third is a lack of integration between point solutions, with 74% saying poor or no integration between security products negatively affects response capabilities.
And finally, an overwhelming number of alerts is paralyzing IR efforts, as 61% say too many alerts from too many point solutions also hinders investigations.