Fortinet, the leading cybersecurity player driving the convergence of networking and security,
revealed the outcomes of a new survey conducted by IDC on the state of Security Operations
(SecOps) in the Asia-Pacific region. The survey, commissioned by Fortinet, provides valuable
insights into the current SecOps landscape, emphasized the role of Artificial Intelligence (AI) and
automation. It explores various aspects, including prevalent security practices, attack frequency
and impact, detection and response times, alert fatigue, the status, and impact of automation in
SecOps workflows, and challenges related to skill development within the SecOps domain. Key
findings from India include:
Current Security Challenges: Threats and Team Readiness
* Most Common Cyber Threats: Phishing and Insider threats are the most predominant
cyber threat in India, with Approximately 50% of organizations ranking them as their top
concerns. The top five threats include phishing, insider threats, ransomware, unpatched
vulnerabilities, and identity theft.
* Ransomware Surge: Ransomware incidents have doubled across India, with 70% of
organizations reporting at least a 2X increase in 2023, compared to 2022. Phishing and
malware are the primary attack vectors. Other significant vectors include social
engineering attacks, insider threats, and zero-day exploits.
* Insider Threats and Remote Work: 88% of the respondents feel that Remote work has
led to an increase in insider threat incidents. Insufficient training, lack of employee care,
and inadequate communication contribute to this surge, emphasizing the need to
address human factors in cybersecurity.
* Resourcing IT Security Teams: Only 44% of businesses have dedicated IT resources
for security teams. This augments the challenges faced by organizations in strengthening
their security measures.
* Impact of Emerging Technologies: Hybrid work, AI, and IT/OT system convergence
pose significant challenges. Cloud technology adoption emerges as a primary challenge,
impacting organizational vulnerability to cyber threats.
SecOps SOS: Struggles with Alert Fatigue and Threat Containment
* Threat Containment and Preparedness: Approximately one out of three surveyed
organizations express concerns about being underequipped for threat containment. This
dissatisfaction highlights the critical need for enhancing cybersecurity capabilities to
effectively counter evolving cyber threats. Alarmingly, three out of four organizations
do not conduct regular risk assessments, exacerbating the challenge of timely threat detection.
* Alert Fatigue: More than 50% of surveyed enterprises experience an average of 221
incidents per day and 2 out of 5 enterprises grapple with over 500 incidents daily, leading
to alert fatigue. The top two alerts faced are suspicious emails (phishing) and multiple
failed login attempts, highlighting the imperative for targeted training on phishing
awareness. Additionally, malware or virus detections, suspicious user behaviour, and
unusual network traffic contribute to alert fatigue.
* Workload and Time Constraints: On average, there is only one SecOps professional
for every 214 employees, each of whom manages about 48 alerts daily. This workload
places significant pressure on cybersecurity professionals, allowing them approximately
10 minutes to address each alert within an 8-hour workday. The time constraint
underscores the necessity for efficient processes, automation, and prioritization to
effectively manage the workload.
* False Positives and Response Time: The challenge of false positives persists, with
74% of respondents noting that at least 25% of the alerts they receive are false positives
with email security alerts/phishing, traffic spike alerts, user account lockout alerts, and
cloud security alerts being the top contributors. 82% of teams take more than 15 minutes
to validate an alert, highlighting the need for automation.
* Skills Development: 88% of respondents find it challenging to keep their team’s skills
updated with the rapidly changing threat landscape. Survey respondents prioritize the
ability to automate (62%) as a key skill for Security Operations Centre (SOC) teams,
highlighting the growing importance of automation in cybersecurity. This, along with the
ability to multi-task and critical thinking, right set of certifications, underscores the
evolving skill set needed in the face of dynamic cyber threats.
Automation in SecOps: Current Adoption and Future Possibilities
* High Adoption, and Untapped Potential: All the survey organizations have embraced
automation and orchestration tools in their security operations, underscoring the
widespread recognition of their value in fortifying cybersecurity strategies. Despite the
prevalent adoption of automation tools, the survey suggests that organizations have yet
to fully harness the complete potential of these technologies. Opportunities for
improvement are identified in areas such as streaming response triage, incident
containment, remediation, recovery, and threat containment.
* Productivity Gains: Notably, around 96% of respondents have experienced significant
productivity gains, with at least a 25% improvement in incident detection times attributed
to automation.
* Future Plans and focus areas for Optimization: Organizations are actively pursuing
the optimization of automation processes to establish a more streamlined cybersecurity
framework. Looking ahead, a significant number of organizations (60%) across Asia-
Pacific express their intent to implement automation and orchestration tools within the
next 12 months. Strategically, organizations are focusing on leveraging automation tools
to streamline response triage, accelerate incident containment, and minimize recovery
time.
Beyond Threats: SecOps Preparedness and Future Priorities
* Faster Threat Detection and Response takes centre stage: Organizations recognize
the pivotal role of automation in enabling rapid and efficient detection and response to
cyber threats, reflecting a proactive approach in bolstering their security resilience.
Survey results highlight that 70.7% prioritize faster threat detection, while 58.5% seek to
increase overall threat detection capabilities through automation.
* Holistic Automation for Enhanced Security Operations: Over 50% of respondents
say that the top areas for automation include maximizing visibility, automated responses,
and threat intelligence, and optimizing the operational efficiency of existing security
resources and intelligence. The emphasis on holistic automation signifies a
comprehensive approach to security operations, incorporating intelligence optimization
and automated responses. This approach aims to improve overall efficiency, visibility, and
intelligence utilization amidst dynamic cybersecurity challenges.
* Future Security Operations Priorities: Organizations are gearing up to prioritize
security operations investments in the next 12 months. The top five priorities include
boosting network and endpoint security, empowering staff cyber awareness, elevating
threat hunting and response, updating critical systems, and performing security audits.
These priorities align with the evolving threat landscape and underscore the strategic
focus on comprehensive cybersecurity measures.