Almost 80 Percent Of Cyber Security Professionals Concerned They Don’t Have The Resources They need.

Censornet has released the results of a research project to understand the work challenges facing cyber security professionals, who are struggling to cope with the joint pressures of increasing security alerts, and too few staff to respond. The research revealed that companies are suffering from a lack of resources, both in terms of people and technology (79 percent), and 72 percent have considered leaving their jobs for this reason. Security professionals believe their jobs and the overall security of their organisations would benefit from an autonomous security solution that could automatically react to and prevent attacks.

More technology is harming cyber security

The survey found that security professionals are not being helped by their security solutions. Sixty-five percent want more technology but the average number of security products used is already 33 and 57 percent reported they are suffering from alert overload. What’s more, ineffective cyber security technology was the joint second threat facing organisations, alongside unexpected/new cyber security threats such as new ransomware (both 47 percent). It was only beaten by cyber security staff shortages (50 percent). This makes bad technology a higher concern than human error (40 percent) and insufficient budget (41 percent).

Ed Macnair, CEO, Censornet commented: “The skills shortage is considered the greatest cyber security risk to organisations, and it’s no secret that companies of all sizes have been having a hard time finding qualified personnel to manage their often-overwhelmed security operations. We can hardly be surprised that 74 percent of cyber security professionals describe themselves as “very busy”, but it is worrying that technology isn’t yet helping to solve the problem. In fact, it could be making it worse. The market has become saturated with point products – which is increasing cost and complexity and, as a consequence, reducing how effective they are.”

Professionals want autonomous security solutions

While point products are considered a risk, an overwhelming 86 percent think their organisation would benefit from autonomous security products, defined by Censornet as “a self-governing security system that operates across traditionally isolated products and autonomously reacts to protect against and prevent attacks from a wide range of sources, in real-time”.

The cyber security community is already converted to the benefits of autonomous technology. Seventy-eight percent said they’d trust an autonomous solution and, on average, it is believed that 58 percent of threats will be dealt with automatically in five years’ time.

Professionals believe the top benefits benefits of autonomous cyber security will be improved response and prevention (66 percent) and freeing up analysts to focus on bigger picture priorities (52 percent). When asked what would make their work life happier, more time to focus on value add activity (45 percent) only lost out to the predictable answers of a higher wage (74 percent) and less stress (53 percent).

Macnair added: “This research demonstrates a huge demand for autonomous solutions within the cyber security community, which I am pleased to announce Censornet has been the first to meet. Until now, humans have been limited by their inability to see across multiple point products and correlate information – without huge amounts of manual work. It’s a problem we recognised some time ago and have been working to fix. Our Autonomous Security Engine (ASE) is the first product on the market that allows core services – such as web security and email security – to share security event, context and state data continuously and in real-time, and bring automated attack prevention to organisations.”

A core component of Censornet’s single cloud platform, which delivers email security, web security, CASB and MFA, ASE enables traditionally siloed products to share and react to security events and state data whilst leveraging world-class threat intelligence. For example, email security detects a malicious link in an email, it can not only quarantine it, but can also inform web security to prevent anyone in the organisation visiting that link. This not only removes a huge amount of labour for the security and IT team, but also makes for a much safer organisation.

Macnair concluded: “With the data it has access to, ASE is able to take the burden off security teams facing myriad security alerts, and even prevent attacks in real-time. Automating activity such as repetitive low-level tasks usually undertaken by a human can free up limited analyst resources to focus on more advanced tasks, helping to close staffing and expertise gaps and also help stave off cyber fatigue. It is taking the security industry beyond events and alerts and into 24×7 automated attack prevention.”