40% of organizations say they are not able to measure incident response, and even Verizon was notably slow in responding to a potential data breach last month, according to a new study by Demisto.
The State of Incident Response 2017 is a study of how incident response teams investigate potential cyber attacks, and the results were not particularly encouraging. IT departments face a high volume of incidents – 350 per week on average – and one of the underlying factors for the lack of preparedness for these incidents is staffing. Approximately four in 10 (40%) respondents say they have more incidents than their staff can handle.
The vast majority of respondents (90%) say they struggle to find skilled security staff. Moreover, it takes an average of nine months to properly train new hires. All of that combines with a significant turnover of staff as one-third of security staff will leave within three years.
“One goal for this unique study was to gain better insights into how to address future threats by determining today’s major pain points for organizations,” said Rishi Bhargava, Demisto vice president of marketing “Incident response must continue to evolve to meet current and emerging threats. The key to effective incident response is having the right combination of people, technology and processes. However, this study revealed that many organizations are far from having this right combination.”
The study found that most companies do incident response in-house - 41% is fully in-house, while 42% is in-house with the help of consultants. Only one in 100 (1%) companies fully outsourced their security operations, while 15% partially outsourced.