Pressure on SA SecOps teams mounts as need for real-time XDR grows
New approach needed in South Africa to empower SecOps to detect, respond to and remediate growing attacks in real time.
Less than 40% of South African security operations (SecOps) professionals are very confident in their ability to adapt to new online threats, with 34% only somewhat confident. While 18% are not confident in their ability to deal with continuously evolving threats, over 10% are undecided.
This was part of a global research study released today by cybersecurity company Trellix, a leading player in the extended detection and response (XDR) space.
In a statement released to the media ahead of the company’s Xpand Live event in Las Vegas this week, the cybersecurity company revealed the cost of siloed security, weak spots in protection and lack of confidence amongst SecOps teams.
The company believes that while threats have evolved, security has not – and this is a major ‘chink in the armour’ for SecOps teams.
“Although South Africa is slightly ahead of the curve (relative to the global average) in its preparedness to deal with attacks, the number of threats is fast increasing, along with the stakes that attackers are playing for,” says South Africa country lead for Trellix, Carlo Bolzonello.
“Recent high-profile attacks, including separate breaches of the South African presence of leading global credit bureaus, along with ransomware attempts on a large parastatal and a critical government department, indicate that international hacking groups have their eyes firmly set on the country as a prime target,” he added.
Trellix said that, based on a study of 9,000 global cybersecurity professionals, which also looks to the future of security and the technology poised to revolutionise SecOps, 89% described their current security model as “siloed” (83.4% in South Africa).
Consequently, three-quarters (73%) are likely allocating budget to advanced solutions, including XDR, to enable an integrated security approach.
“This research reveals how unsustainable the situation is for cybersecurity professionals today,” said Aparna Rayasam, chief product officer, Trellix. “Instead of relying on traditional siloed solutions that add complexity, businesses can reshape SecOps with a flexible, intelligent security architecture that consolidates security tools, so teams can work smarter and quickly remediate threats.”
More Integration Required. Only 11% of organisations are working with a fully integrated security model, with another 20% in the process of changing their siloed set-up. In South Africa, 16.6% of organisations report being fully integrated and 30.2% are in the process of breaking down existing silos.
The research revealed 61% of cybersecurity professionals globally work with more than ten different security tools or solutions across their organisation, with more than 20 tools for 5% of respondents.
Disconnected solutions are holding businesses back. Six in ten (60%) cybersecurity professionals admit their current security tools don't enable their SecOps team to work with maximum efficiency.
One third (34%) recognise they have blind spots in their protection today.
Opportunity to build SecOps confidence. 36% of cybersecurity professionals feel “very confident” in their organisation’s ability to quickly adapt to new threats (37.6% in South Africa), while 60% admit security threats evolve so rapidly, they're struggling to keep up.
On average, respondents’ organisations deal with 51 cybersecurity incidents each day, while over a third (36%) admit they cope with 50 to 200 incidents daily. Almost half (46%) report being “inundated by a never-ending stream of cyberattacks” as one of their biggest work frustrations.
A fifth (20%) say they can never or ‘only rarely’ prioritise and respond quickly to threats.
Protecting the Bottom Line. 84% estimate their organisation lost up to 10% of revenue from security breaches in the last twelve months. Medium-sized businesses (with US$50-100m revenue) lost an average of 8% in revenue, compared to 5% for large businesses (with a turnover of US$10bn - US$25bn), representing revenue losses of between $500m and $1.25bn.
XDR: A revolution in cybersecurity. A quarter (23%) of cybersecurity professionals have already implemented XDR in their organisation, with a further 42% very likely to do so in the next 12-18 months. Additional technologies very likely to be implemented are Network Detection and Response (NDR) (39%), Endpoint Detection and Response (EDR) (38%) and breach attack simulations (37%).
“The rapidly changing threat landscape is driving a level of complexity that is increasing exponentially,” Bolzonello says. “Cybersecurity is also no longer the exclusive domain of information officers, but a key concern for every manager, down to the smallest organisations.
“These factors, along with more people being online through an array of devices, mean that traditional tools are not sufficient and managers will be ever more reliant on AI-enabled XDR tools in an increasingly digital world,” he adds.