Survey: Too Much Time Being Spent on Managing Cybersecurity Tools
A survey of 2,058 security leaders finds nearly half of respondents (46%) are spending more time maintaining tools than they do defending their organization from actual cyberattacks.
Conducted by Oxford Economics on behalf of Splunk, the survey also finds that 59% of respondents have identified tool maintenance as the main source of inefficiency for their teams.
More than three-quarters (78%) also noted their security tools are dispersed and disconnected, with 69% acknowledging their teams are encountering moderate to significant challenges as a result.
Well over half (57%), for example, report losing valuable investigation time because of data management gaps. Slightly more (59%) said there are too many alerts, with 55% noting there are too many false positives.
Additionally, more than half (52%) say their team is overworked, and an equal percentage said job stress has prompted them to think about leaving cybersecurity altogether. A total of 43% said the expectations of senior leadership in their organization are unrealistic.
In total, two-thirds of respondents (66%) report their organization experienced a data breach in the past year.
Splunk CISO Michael Fanning said the survey makes it clear that tool sprawl has become a major cybersecurity issue. Reliance on too many overlapping tools creates multiple data management issues that result in a greater number of false positives being generated, he noted.
Too often, cybersecurity teams are unaware a breach has occurred unless notified by a cybersecurity syndicate, added Fanning. Nation states may also be stealing data in a way that many cybersecurity teams are unaware of, simply because they are too overwhelmed to investigate.
The survey suggests that cybersecurity professionals are hopeful that artificial intelligence (AI) tools and platforms will help plug those gaps. A full 59% have moderately or significantly boosted their efficiency with AI, with slightly fewer (56%) prioritizing inclusion of AI within security workflows this year. Nearly two-thirds (63%) said domain-specific AI significantly or extremely enhances security operations, with a third (33%) looking to fill skills gaps by relying more on AI and automation. However, only 11% of respondents said they completely trust AI for mission-critical tasks. Instead, the most widely adopted use cases for AI are threat intelligence analysis (33%), querying security data (31%) and writing/editing security policies (29%).
Most cybersecurity teams, however, would be better served by first concentrating on fundamentals, noted Fanning. Most cybercriminals are going to look for the path of least resistance, which usually involves compromising some type of credential, he added. The challenge is that a lot more of the credentials being stolen actually belong to machines and applications rather than specific end users, noted Fanning. As such, cybersecurity teams need to comprehensively review both who and what has access to various systems and applications, he added.
Cybercriminals, of course, are counting on cybersecurity teams being unable to discover indicators of compromise amid the noise generated by the many tools in use. Hopefully, advances in AI and automation will make it easier to identify the signals in that noise. In the meantime, however, there remains no substitute for proactively securing IT environments that cybercriminals now routinely log into, rather than break into, as if they were just another legitimate end user.