Security intelligence and management firm Exabeam warns that the disconnect between CIOs/CISOs and their security operation centres (SOCs) is something companies urgently need to address.
Speaking after the findings of the company’s 2018 State of the SOC Report (registration required) were published, Exabeam’s VP & Chief Security Strategist, Stephen Moore, hammered home the point that just complaining there is not enough staff in a SOC team to deal with a cyber breach.
“The collective weight of the report represents a perfect storm benefitting only the adversary; too few defenders, inexperience, overwhelmed by alerts, and defending their network with out of date technology,” expounds Moore.
“It doesn’t make sense to have exhausted defenders before the fight even begins. In daily operation, especially in crisis, CIOs and CISOs base their personal brand on these defenders. Sadly, most executives don’t understand the needs, pain, and frustrations of their defenders. Have the conversation today and get comfortable with the investigative, analytic, and response processes that you ultimately represent.”
Moore acknowledges that staffing is an issue in the SOC, accepting that this is an issue in IT in general, but moves away from simply blaming staffing levels for a company’s problems during a data breach. “I’ve experienced not having enough staff during a breach, it isn’t easy. 45% of the respondents felt they didn’t have enough staff, with 63% saying they could with 2-10 more staff.”
He then added that in addition to not having enough staff, 62% of respondents cited inexperienced staff as being a “major pain point.”
What the numbers mean
A worrying statistic is that only 51% of the companies who responded had cybersecurity insurance in place. “More UK companies have it in place than in the US,” added Moore. “It’s worrying they don’t have it, maybe CIOs look at the cost and think it is too expensive to add to their budgets?”
As you trawl through the survey, the worry cited by Exabeam about the disconnect between CIOs and SOC professionals becomes increasingly clear:
• 79% of managers and frontline employees are concerned with the use of outdated equipment, compared with just 22% of CIOs and CISOs.
• Over half of SOC professionals (54%) believe the technology deployed in a SOC is underfunded.
• Frontline workers see inexperienced workers as a greater problem than their managers do.
When the survey compared the function of a SOC between the UK and US, it found little or no noticeable difference, with the US edging slightly farther ahead in the area of identify and threat assessment, and the UK slightly ahead in data loss prevention and malware analysis.
What does this mean?
Citing a lack of communication between the IT teams that do all the work and the management that has to account for their actions is hardly a new thing. That said, you would hope that in an environment where companies are tracking non-stop cyber attacks, CIOs and CISOs would have learnt to put more time to one side to improve dialogue with their staff. As Moore says, the SOC team jumps into action to fix a cyber breach, but it is the boss who has to explain it to the shareholders, board of directors, customers and, if they have it, insurance company.