CyberRes’ annual State of Security Operations Report has shed light on how enterprises are utilising security operations to modernise their business, secure the digital value chain, and systematically address modern threats to achieve greater enterprise resiliency. Overall, the report found that the increased adoption of advanced security technologies and hybrid-cloud deployments was primarily driven by the need to navigate and manage an increasingly complex and expanding attack surface due to rapid workforce transformation driven by the COVID-19 pandemic.
The CyberRes 2021 State of Security Operations report offers a close look at the changes, trends, challenges, and strategies of security operations (SecOps) teams around the globe. The survey behind the report specifically references the experiences of over 500 security operations managers, executives, and decision makers from around the world, and aims to provide implications and real insights to CISOs, CIOs, and other IT leaders to better secure their enterprises.
The report’s key highlights illustrate that 85 per cent of enterprises have increased their budget investment in security operations during the COVID-19 pandemic, 72 per cent have increased their staffing, and 79 per cent have increased their adoption of advanced security technologies. The key reason cited for the increased investment was to address the complexity, scale, and impact to business operations through the rapidly growing attack surface, as the result of rapid workforce transformation.
Along those same lines, security operations centres (SOCs) have increased their adoption of the cloud, with 95 per cent now deploying their solutions in hybrid-cloud environments, a radical adoption rate fuelled by the need to better manage security operations.
Mark Fernandes, global CTO, CyberRes, said, “The State of Security Operations report depicts a clearly defined pivot on how cyber plays a role in driving business modernisation, securing the digital value chain and driving digital transformation. SOCs of the future need to be resilient in combating modern artificial intelligence (AI)-led adversaries that do not rely on techniques of the past. The report shows that we are moving into an era of highly intelligent, counter-adversary centres that move the human analyst to the centre of creative interpretation of threats, where machines assist in countering modern threat actors using machine learning (ML), automation, cognitive and AI.”
KEY CISO HIGHLIGHTS FROM THE REPORT INCLUDE:
- SOC business prioritisation: 51 per cent of respondents stated that they are prioritising efforts to build repeatable processes backed by priority intelligence requirements (PIRs), rather than relying on generalised vendor-provided scoring, to align their SOCs with threat intelligence and better secure the value chain.
- SOC in an era of COVID: 85 per cent of respondents increased monitoring controls as a response to COVID-related workforce transformation, as well as complex remote and secure access service edge (SASE) access requirements.
- Growing complexity driving SOC priorities: 40 per cent of respondents indicated that the primary challenge facing their current security operations teams is their struggle to address an increasingly complex attack surface.
- Modern adversaries are out-innovating traditional SOCs: 79 per cent of respondents say their SOCs were required to increase adoption of advanced security technologies during COVID-19 to combat evolving threats. 36 per cent of respondents indicated that, over the next 12 months, they are planning to adopt techniques powering resilient security operations, which are designed to address modern adversaries and threat actors. These techniques include signals, shellcode, and dynamic malware analysis as well as more advanced end point, hunt, and response capabilities.
- Continuous readiness: 93 per cent of respondents stated that red teaming (i.e., simulating the actions of an adversary) was essential to their security operations, with 72 per cent conducting red teaming exercises at least twice per year to encourage constant vigilance.
KEY FINDINGS FROM AUSTRALIA
- 31 per cent stated that improving the detection of advance threats was one of the primary roles of automation, ML, and cognitive security technologies in their cyber operations.
- In the next 12 months, Australian organisations are planning to implement automation of: threat hunting (51 per cent), risk assessment (44 per cent), and attack surface management (38 per cent).
- 42 per cent use the Cyber Kill Chain threat modelling framework on a regular basis.
- The top challenges facing cybersecurity operations team in 2021 include: monitoring a growing attack surface (18 per cent), keeping up with the volume of alerts (16 per cent), and pre-emptively detecting threats to reduce exposure (15 per cent).
- 31 per cent stated that vulnerability assessment and patching would benefit most from an increase in skilled staffing.
- The pandemic has changed the way Australian security operations are run with:
- 86 per cent strongly agreeing or agreeing that their adoption of threat intelligence has increased
- 84 per cent strongly agreeing or agreeing that their adoption of a zero trust policy has increased
- 84 per cent strongly agreeing or agreeing that their investment in security training has increased
- 80 per cent strongly agreeing or agreeing that their adoption of cloud-based cybersecurity solutions has increased
- 78 per cent strongly agreeing or agreeing that their deployment of advanced security technologies has increased
- 78 per cent strongly agreeing or agreeing that their cybersecurity operations budget has increased
- 73 per cent strongly agreeing or agreeing that their cybersecurity operations staffing has increased
Read the full 2021 State of Security Operations report here.
