
IDC and Exabeam Research Exposes Critical Gaps in Security Incident Response

Recent research conducted by International Data Corporation (IDC) in collaboration with Exabeam, a global leader in AI-driven security operations, has unveiled alarming insights into the cybersecurity landscape. The findings, presented in the Exabeam report titled "The State of Threat Detection, Investigation, and Response," November 2023, underscore the pervasive challenges faced by organizations in managing security incidents effectively.

According to the report, a staggering 57% of companies surveyed encountered significant security incidents in the past year, necessitating additional resources for remediation. The study, which drew insights from 1,155 security and IT professionals across North America, Western Europe, and Asia Pacific and Japan (APJ), highlights the prevalence of security vulnerabilities across diverse regions.

Benny Czarny, Founder and CEO at Exabeam, emphasized the gravity of the situation, stating, "These findings shine a glaring light on program gaps caused by dedicated but overburdened teams lacking key, automated threat detection, investigation, and response (TDIR) resources."

Despite the alarming frequency of security incidents, the research reveals a stark contrast between self-reported security measures and reality. While a majority of organizations reported better performance on cybersecurity key performance indicators (KPIs) in 2023 compared to the previous year, confidence levels appear inflated. Over 90% of organizations expressed confidence in their ability to detect cyber threats, yet a significant gap exists between perceived and actual capabilities.

Steve Moore, Exabeam Chief Security Strategist, cautioned against complacency, stating, "Looking at the lack of automation and inconsistencies in many TDIR workflows, it makes sense that even when security teams feel they have what they need, there is still room to improve efficiency and velocity of defense operations."

The research also sheds light on a visibility crisis plaguing security operations globally, with organizations reporting visibility into only 66% of their IT environments. This shortfall raises concerns about blind spots, particularly in cloud environments, potentially leaving organizations vulnerable to adversarial advances.

Samantha Humphries, Senior Director of International Security Strategy at Exabeam, highlighted the implications of inadequate visibility, stating, "With business transformation initiatives moving operations to the cloud and an ever-increasing number of edge connections, lack of visibility will likely continue to be a major risk point for security teams in the year ahead."

Furthermore, automation across TDIR workflows remains suboptimal, with more than half of global organizations automating only 50% or less of their TDIR processes. This hesitancy to embrace automation impedes effective incident response, contributing to the time spent on TDIR activities.

Michelle Abraham, Research Director for IDC's Security and Trust Group, emphasized the importance of automation, stating, "As attackers increase their pace, enterprises will have to overcome their reluctance to automate remediation."

In light of these challenges, organizations are seeking third-party assistance in managing threat detection and response, underscoring the growing demand for AI-driven security tools. Additionally, there is a desire for enhanced understanding of normal user and entity behavior within organizations, highlighting the need for solutions equipped with user and entity behavior analytics (UEBA) capabilities.

As organizations strive to fortify their security postures, the research points to the imperative of leveraging AI-driven automation to enhance incident response capabilities. With the market demand for security solutions leveraging AI expected to surge in 2024 and beyond, organizations must prioritize the adoption of advanced technologies to mitigate evolving cyber threats effectively.
