SEARCH FINANCIAL SERVICES INFRASTRUCTURE SECURITY SCIENCE INTERVIEWS

 

     

CISOs Struggle with Multiple-Point Solutions

August 10, 2017

A report aggregates insight from over 150 security decision makers from large US enterprises in technology, financial services, oil and gas, and energy industries. The results reveal that the number one priority for security executives is achieving complete breach intolerance, which requires fundamental changes to to their staff’s skillsets, processes and tools.

The results point to the following trends:

•A majority (64 percent) of executives surveyed are concerned that the next breach or attack they experience could be severe, a fear that is coupled with the fact that decision makers do not know the system or the vector that will be attacked next.

•Many security executives (60 percent) are working on expanding or upgrading their current SOC deployment. Enterprises need their SOCs to be working at peak performance, evidenced by the fact that nearly 40 percent of respondents experienced three or more types of attacks in the last year, with many facing daily attacks.

•Most executives categorize their staff’s proficiency as only competent. Only 44 percent of organizations have a tier 1+ analyst, with an additional 44 percent agreeing on the need to improve their staff’s technical skills around endpoint security or find automation tools to fill the expertise gap.

CISOs Crave Simplicity, Struggle with the Complexity of Multiple-Point Solutions

The survey uncovered that 71 percent of respondents are using five or more technologies in their SOC, and a third of respondents are using eight or more technologies. One CISO of a global energy company stated: “What I’d like to do is reduce the overall risk footprint, thus being able to reduce the number of tools. There’s a lot of work that we’re doing to try to reduce overlap of tools.”

Unlike legacy EDR tools, Endgame provides the only single-agent endpoint platform to unite prevention, detection and response, and threat hunting to stop targeted attacks, including the recent WannaCry and Petya ransomware attacks, malwareless attacks, and zero-day exploits.

The Cybersecurity Skills Gap Presents CISOs with Major Problems

Apart from complexity around multiple point products, security executives also stressed the need to find and retain staff with expertise required to combat targeted attacks. Regarding his staff, a CISO of a US banking organization commented: “They get a lot of drive-bys, where people come by and ask for help. That distracts them from what they really need to be doing. Because we’re short staffed, that keeps us from optimizing some of the tools that they need to optimize.”

This sentiment was also repeated by a CISO of a global energy company: “I think the biggest challenge that we’ve been facing is trying to get the right level of expertise. It’s very, very hard for us to find people that are experts in the field to come in and work with us.”

Terms of Use | Copyright © 2002 - 2017 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement