There’s no doubt that most IT security professionals were left shaking their heads this week when it was revealed that the Federal Bureau of Investigation tried to inform the Hillary Clinton presidential campaign as far back as September of 2015 that its IT systems had been hacked. Alas, for a variety of reasons relating mainly to a lack of IT security skills and flawed communications processes, it would take several more months for senior-level Clinton campaign officials to become aware of the true extent of the security breach.
Unfortunately, what occurred in the Clinton campaign is not an exception. A new study published this week by the McAfee Labs unit of Intel Security finds that 93 percent of the 391 IT professionals surveyed acknowledged being unable to triage all potential cyber threats. The study finds that, on average, organizations are unable to sufficiently investigate 25 percent of security alerts.
But the most troubling aspect of the McAfee report is that 64 percent of the organizations surveyed said they rely on managed service providers to one degree or another for security operations assistance.
It’s hard to say with certainty whether the reason IT security issues are rearing their ugly heads now more than ever comes down to the number of attacks being launched or whether there's simply more awareness that the attacks are being launched in the first place. For example, 67 percent of the survey respondents say they are coping with an increase in attacks. But only 57 percent attribute that increase directly to a rise in the actual volume of attacks. Another 73 percent say it’s also attributable to the fact that they are now able to detect attacks more effectively.
Overcoming security challenges
The challenge and opportunity is that more awareness has yet to lead to faster remediation. IT organizations are clearly starting to invest more in Big Data analytics to identify anomalies and potential threats faster. It’s also clear, however, that many of them—in partnership with their MSP—are struggling when it comes to acting on that information.
A big part of the problem is obviously the sheer number of alerts being generated. The level of fatigue that sets in when IT organizations are forced to chase down one false alarm after another is considerable. But as exemplified by what occurred inside the Clinton campaign, there’s still much work to be done in terms of optimizing IT security processes.
2017 security priorities
Going into 2017, it should be obvious to every MSP that resolutions concerning IT security processes need to be made. Complete reviews of processes that span everything from how threats are detected through remediation are now required. Nothing drives that point home better than the revelation that another billion Yahoo user accounts have been breached on top of all the company’s previous disclosures. Obviously, the security audit processes at Yahoo are flawed. But in truth, Yahoo will not be the only company embarrassed by having to report multiple security breaches.
No one likes to admit that anything they're doing today is not nearly as good as it should be, but with each passing day cyber criminals are making a mockery of existing IT security processes. Given how much responsibility MSPs have for managing those processes, the review of the processes being employed across security operations centers is now nothing less than a mandatory requirement for 2017.