CyberRes has found that the increased adoption of advanced security technologies and hybrid-cloud deployments is primarily driven by an expanding attack surface, due to rapid workforce transformation caused by COVID-19.
CyberRes' annual report, State of Security Operations 2021, provides insights into how enterprises utilise security operations to modernise their business, secure the digital value chain, and systematically address modern threats to achieve greater enterprise resiliency.
The report offers a close look at the changes, trends, challenges, and strategies of security operations (SecOps) teams around the globe. The survey behind the report references the experiences of over 500 security operations managers, executives, and decision-makers worldwide. It aims to provide implications and real insights to CISOs, CIOs, and other IT leaders.
Some key findings show that 85% of enterprises have increased their budget investment in security operations during the COVID-19 pandemic, 72% have increased their staffing, and 79% have increased their adoption of advanced security technologies. The main reason for the increased investment was to address the complexity, scale, and impact on business operations through a rapidly growing attack surface.
Along the same lines, security operations centres (SOCs) have increased their cloud adoption, with 95% now deploying solutions in hybrid-cloud environments, a drastic adoption rate fuelled by the need to better manage security operations.
"The State of Security Operations report depicts a clearly defined pivot on how cyber plays a role in driving business modernisation, securing the digital value chain and driving digital transformation," says CyberRes, global CTO, Mark Fernandes.
"SOCs of the future need to be resilient in combating modern AI-led adversaries that don't rely on techniques of the past. The report shows we are moving into an era of highly intelligent, counter-adversary centres that move the human analyst to the centre of creative interpretation of threats, where machines assist in countering modern threat actors using machine learning, automation, cognitive and AI."
Some key CISO highlights from the report include 51% of respondents saying they prioritise efforts to build repeatable processes backed by priority intelligence requirements, rather than relying on generalised vendor-provided scoring, to align their SOCs with threat intelligence and better secure the value chain.
The report found growing complexity driving SOC priorities, with 40% of respondents indicating that the primary challenge facing their current security operations teams is the struggle to address an increasingly complex attack surface.
In the report, 79% of respondents say their SOCs were required to increase the adoption of advanced security technologies during COVID-19 to combat evolving threats. And 36% of respondents indicated that, over the next 12 months, they are planning to adopt techniques powering resilient security operations, which are designed to address modern adversaries and threat actors. These techniques include signals, shell code, dynamic malware analysis, and more advanced endpoint, hunt, and response capabilities.
Ninety-three per cent of respondents stated that red teaming (i.e., simulating an adversary's actions) was essential to their security operations, with 72% conducting red teaming exercises at least twice per year to encourage constant vigilance.
Some key findings include:
- 86% agreeing that their adoption of threat intelligence has increased.
- 84% agreeing that their adoption of a zero-trust policy has increased.
- 84% agreeing that their investment in security training has increased.
- 80% agreeing that their adoption of cloud-based cybersecurity solutions has increased.
- 78% agreeing that their deployment of advanced security technologies has increased.
- 78% agreeing that their cybersecurity operations budget has increased.
- 73% agreeing that their cybersecurity operations staffing has increased.