SURVEY: Incident detection and response is top of mind

Most SA companies don’t have a single view of their security weaknesses, a recent survey has revealed.

The top cyber security challenge that businesses need to solve is to be able to detect and respond effectively to incidents given the ever-changing threat landscape. And just about 40% of organisations have a cyber investment programme, either already running or planned.

These were some of the key findings in a recent Cyber Security Survey, conducted by ITWeb in partnership with Skybox Security.

“It is the biggest trend across the globe that we are seeing deployment of technologies that apply AI and machine learning to find malware variations and different methods of attacks sooner; so organisations can be more proactive,” says Simone Santana, regional director for Southern Africa at Skybox Security.

“Within the Security Operations Centre, we’ve seen SOAR (Security Orchestration, Automation and Response) solutions also evolve to automate the response to threats so that operations teams can quickly identify and address these security incidents.

“If you have a sound vulnerability and risk management process, and if you have sound change- and policy management processes whereby you are continually tightening the efficacy of your security measures that reduces risk over time; then you will have less “detect and respond” to deal with because you’ve effectively reduced your exposure to risk and minimised the overall threat landscape.”

When it comes to network infrastructure, 58% of respondents use hyperscale public clouds, 56% use SaaS applications, and 47% use private cloud. The survey found that the majority of companies (60%) don’t have a single view of their assets, vulnerabilities and security weaknesses across on-prem and cloud infrastructure.

“Knowing what to protect is the first step to knowing how to protect your assets,” says Santana. “Most organisations have a lot of data – coming from sources such as firewalls, endpoint detection and response (EDRs), intrusion prevention systems (IPSs), scanners, network devices etc. – which don’t necessarily aggregate all the data together. What they lack is a centralised comprehensive set of data to better enable the analysis of this data. It’s not just about having a lot of data. You can collect all the data in the world but if you’re not adding context to that data and analysing it appropriately, you’re not able to prioritise your efforts.”

While over 70% are aware they need to comply with POPIA/GDPR regulations, just about half (55%) believe they have adequate auditing and reporting mechanisms in place to meet compliance requirements.

The survey also revealed that just over half of the respondents (57%) believe they have a mature change management process that enables them to validate rule changes and potential vulnerability exposure before rules are implemented.

What procedures can organisations put in place to ensure they have a mature and effective change management process?

“One needs to consider the maturity of the organisational processes that actually reduce risk, and not just automate a process to speed things up,” notes Santana. “What makes a technology platform like ours unique is the whole idea behind our ability to model all the elements in a network and then the ability to analyse and determine the exposure to risk from multiple perspectives before creating a workflow that is either approved/allowed or disapproved/discarded based on the risk metric unique to that organisation.”

The survey also revealed that one in four companies are inundated with vulnerability data and struggling to prioritise.

“When there is a flood of disconnected data, organisations need to have the right sets of data and the right tools in place to analyse the data appropriately,” comments Santana. “Aggregation and getting a single-view of this data, and adding the context and modelling to the data, will help streamline processes and reduce risk.”

About the survey

The 2020 Cyber Security Survey, in partnership with Skybox Security, was run online on ITWeb for a period of two weeks to assess the current cyber security strategies of SA organisations.

It captured input from 270 respondents from a wide range of public and private sector organisations of all sizes. 34% of respondents are CEOs or MDs, and 26% are in middle management.

Follow the link to view the complete graphed results.
