Fortinet recently unveiled the findings of a new survey on the state of Security Operations (SecOps) in the Asia Pacific region, urging swift adoption of AI and automation for SecOps.
A recent IDC survey, commissioned by Fortinet, provides insights into the current SecOps landscape. The survey was conducted with 550 IT leaders who make or influence security decisions for their organizations.
Conducted between October and November 2023, the Asia Pacific survey looked at organizations with a global headcount of 250 to 5,000+ employees. The study covers 11 markets: Australia, Hong Kong, India, Indonesia, Malaysia, New Zealand, Singapore, South Korea, Thailand, the Philippines, and Vietnam.
Emphasizing the role of AI and automation, it explores prevalent security practices, attack frequency and impact, detection and response times, alert fatigue, the status and impact of automation in SecOps workflows, and challenges related to skill development within the SecOps domain.
Key findings from the report include:
Current security challenges: threats and team readiness
- Most common cyberthreats: Phishing is the predominant cyberthreat in Asia, with 50% of organizations ranking it as their top concern. The top five threats include phishing, ransomware, unpatched vulnerabilities, identity theft, and IoT-based attacks, with the threat landscape varying by country.
- Ransomware surge: Ransomware incidents have doubled across Asia, with 62% of organizations reporting at least a 2X increase in 2023, compared to 2022. Phishing and malware are the primary attack vectors. Other significant vectors include social engineering attacks, insider threats, and zero-day exploits.
- Insider threats and remote work: 78% of the respondents feel that remote work has led to an increase in insider threat incidents. Insufficient training, lack of employee care, and inadequate communication contribute to this surge, emphasizing the need to address human factors in cybersecurity.
- Resourcing IT security teams: Only 50% of businesses have dedicated IT resources for security teams. This compounds the challenges organizations face in strengthening their security measures.
- Impact of emerging technologies: Hybrid work, AI, and IT/OT system convergence pose significant challenges. Cloud technology adoption emerges as a primary challenge, impacting organizational vulnerability to cyberthreats.
Simon Piff, Research Vice-President, IDC Asia-Pacific, said: “Securing modern IT infrastructures requires a continuous commitment to vigilance, proactivity, and adaptability amid challenges posed by hybrid work, AI, and cloud technologies. This dynamic shift from static controls to a risk-centric cybersecurity posture aligns seamlessly with the evolving technological landscape. The integration of AI-assisted tools, reassessment of staffing, potential outsourcing, and increased automation emerge as imperative facets highlighted by the survey, emphasizing the urgency for organizations to embrace automation strategically.”
SecOps SOS: struggling against alert fatigue and threat containment
- Threat containment and preparedness: 47% of the surveyed organizations express concerns about being underequipped for threat containment. This dissatisfaction highlights the critical need for enhancing cybersecurity capabilities to effectively counter evolving cyber threats. Alarmingly, three out of four organizations do not conduct regular risk assessments, exacerbating the challenge of timely threat detection.
- Workload and time constraints: On average, there is only one SecOps professional for every 200 employees, each of whom manages about 40 alerts daily. This workload places significant pressure on cybersecurity professionals, allowing them approximately 12 minutes to address each alert within an 8-hour workday. The time constraint underscores the necessity for efficient processes, automation, and prioritization to effectively manage the workload.
- False positives and response time: The challenge of false positives persists, with 67% of respondents noting that at least 25% of the alerts they receive are false positives, with email security/phishing alerts, user account lockout alerts, and cloud security alerts being the top contributors. Furthermore, 82% of teams take more than 15 minutes to validate an alert, highlighting the need for automation.
- Skills development: 97% of respondents find it challenging to keep their team’s skills updated with the rapidly changing threat landscape. Survey respondents prioritize the ability to automate (62%) as a key skill for Security Operations Centre (SOC) teams, highlighting the growing importance of automation in cybersecurity. This, along with the ability to multi-task and critical thinking, underscores the evolving skill set needed in the face of dynamic cyber threats.
Automation in SecOps: current adoption and future possibilities
- High adoption and untapped potential: A significant majority (87.6%) of organizations have embraced automation and orchestration tools in their security operations, underscoring the widespread recognition of their value in fortifying cybersecurity strategies. Despite the prevalent adoption of automation tools, the survey suggests that organizations have yet to fully harness the complete potential of these technologies. Opportunities for improvement are identified in areas such as streamlining response triage, incident containment, remediation, recovery, and threat containment.
- Productivity gains: Notably, around 91% of respondents have experienced significant productivity gains, with at least a 25% improvement in incident detection times attributed to automation.
- Future plans and focus areas for optimization: Organizations are actively pursuing the optimization of automation processes to establish a more streamlined cybersecurity framework. Looking ahead, a significant number of organizations (60%) across Asia Pacific express their intent to implement automation and orchestration tools within the next 12 months. Strategically, organizations are focusing on leveraging automation tools to streamline response triage, accelerate incident containment, and minimize recovery time.
Recognizing the imperative of swift detection and response as the cornerstone of an enhanced cybersecurity posture, Jess Ng, Country Manager, Fortinet Singapore and Brunei, said: “Automation plays a crucial role in promptly identifying and responding to cyber threats, minimizing the window of vulnerability. Our customers’ experiences underscore this urgency, with a transformative reduction from an average of 21 days to just one hour for detection, driven by AI and advanced analytics.”
“This signifies a fundamental step in fortifying cybersecurity defenses, where time to detect and respond is paramount. Automation, in this context, emerges as the linchpin in navigating the challenges of today’s dynamic threat landscape.”
Beyond threats: SecOps preparedness and future priorities
- Faster threat detection and response takes centre stage: Organizations recognize the pivotal role of automation in enabling rapid and efficient detection and response to cyber threats, reflecting a proactive approach in bolstering their security resilience. Survey results highlight that 70.7% prioritize faster threat detection, while 58.5% seek to increase overall threat detection capabilities through automation.
- Holistic automation for enhanced SecOps: More than 50% of respondents say that the top areas for automation include maximizing visibility, automated responses, and threat intelligence, and optimizing the operational efficiency of existing security resources and intelligence. The emphasis on holistic automation signifies a comprehensive approach to security operations, incorporating intelligence optimization and automated responses. This approach aims to improve overall efficiency, visibility, and intelligence utilization amidst dynamic cybersecurity challenges.
- Future SecOps priorities: Organizations are gearing up to prioritize security operations investments in the next 12 months. The top five priorities include boosting network and endpoint security, empowering staff cyber awareness, elevating threat hunting and response, updating critical systems, and performing security audits. These priorities align with the evolving threat landscape and underscore the strategic focus on comprehensive cybersecurity measures.