State of SecOps: New Zealand braces against phishing, ransomware surge and alert fatigue

Line of Defence Magazine - Autumn 2024

The Asia-Pacific survey polled 550 IT leaders in organisations.

A report commissioned by Fortinet urges adoption of automation and AI to address increasing complexity and volume of cyber threats, ensuring organisations’ SecOps stay ahead of cybersecurity challenges.

According to the survey conducted by IDC on the state of Security Operations (SecOps) in the Asia-Pacific region, only 50 percent of businesses have dedicated IT resources for security teams, and 96 percent find it challenging to keep their team’s skills updated with the rapidly changing threat landscape.

Current security challenges: Threats and team readiness

The predominant cyber threat in New Zealand is phishing with 50 percent of organisations ranking it as their top concern. The top five threats include phishing, ransomware, unpatched vulnerabilities, insider threats, and identity theft.

Ransomware incidents have doubled across the country, with 62 percent of organisations reporting at least a two times increase in 2023 compared to 2022. Phishing and malware are the primary attack vectors. Other significant vectors include social engineering attacks, insider threats, and zero-day exploits.

82 percent of the respondents feel that remote work has led to an increase in insider threat incidents. Insufficient training, lack of employee care, and inadequate communication contribute to this surge, emphasising the need to address human factors in cybersecurity.

Added to this, only 50 percent of businesses have dedicated IT resources for security teams. This augments the challenges faced by organisations in strengthening their security measures.


Emerging technologies associated with hybrid work, AI, and information technology (IT) and operational technology (OT) system convergence pose significant challenges. Cloud technology adoption emerges as a primary challenge, impacting organisational vulnerability to cyber threats across Asia-Pacific.

SecOps SOS: Struggles with alert fatigue and threat containment

36 percent of the surveyed organisations express concerns about being underequipped for threat containment, highlighting the critical need for enhancing cybersecurity capabilities. Alarmingly, three out of four organisations do not conduct regular risk assessments, exacerbating the challenge of timely threat detection.

More than 50 percent of surveyed enterprises experience an average of 221 incidents per day and two out of five enterprises grapple with over 500 incidents daily, leading to alert fatigue.

The top two alerts faced are suspicious emails (phishing) and malware or virus detections, highlighting the imperative for targeted training on phishing awareness. Additionally, suspicious user behaviour, account lockouts, and multiple failed login attempts further contribute to alert fatigue.

On average, there is only one SecOps professional for every 180 employees, each of whom manages about 33 alerts daily. This workload places significant pressure on cybersecurity professionals, allowing them less than 15 minutes to address each alert within an eight-hour workday. The time constraint underscores the necessity for efficient processes, automation, and prioritisation to effectively manage the workload.

Additionally, the challenge of false positives persists, with 76 percent of respondents noting that at least 25 percent of the alerts they receive are false positives with email security alerts/phishing, traffic spike alerts, and cloud security alerts being the top contributors. 76 percent of teams take more than 15 minutes to validate an alert, highlighting the need for automation.

96 percent of respondents find it challenging to keep their team’s skills updated with the rapidly changing threat landscape. Survey respondents prioritise the ability to automate (56 percent) as a key skill for Security Operations Centre (SOC) teams, highlighting the growing importance of automation in cybersecurity. This, along with the ability to multi-task, critical thinking, and the right set of certifications, underscores the evolving skill set needed.

Automation in SecOps: Current adoption and future possibilities

A significant majority (84 percent) of organisations across New Zealand have embraced automation and orchestration tools in their SecOps, underscoring the widespread recognition of their value in fortifying cybersecurity strategies.

Despite the prevalent adoption of automation tools, the survey suggests that organisations have yet to fully harness the complete potential of these technologies. Opportunities for improvement are identified in areas such as streamlining response triage, incident containment, remediation, recovery, and threat containment.

“In the ever-evolving cybersecurity landscape, 70.7 percent of organisations prioritise faster threat detection through automation,” said Glenn Maiden, director of threat intelligence operations, FortiGuard Labs, Australia and New Zealand. “At Fortinet, we recognise the imperative of swift detection and response as the cornerstone of an enhanced cybersecurity posture. Automation plays a crucial role in promptly identifying and responding to cyber threats, minimising the window of vulnerability.”

“Our customers’ experiences underscore this urgency, with a transformative reduction from an average of 21 days to just one hour for detection, driven by AI and advanced analytics.”

Notably, around 85 percent of respondents have experienced significant productivity gains, with at least a 25 percent improvement in incident detection times attributed to automation.

Organisations are actively pursuing the optimisation of automation processes to establish a more streamlined cybersecurity framework. Looking ahead, a significant number of organisations (60 percent) across Asia-Pacific express their intent to implement automation and orchestration tools within the next 12 months.

Beyond threats: SecOps preparedness and future priorities

Organisations recognise the pivotal role of automation in enabling rapid and efficient detection and response to cyber threats, reflecting a proactive approach in bolstering their security resilience. Survey results highlight that 100 percent of respondents want to leverage automation to maximise visibility, automated responses, and threat intelligence.

Over 50 percent of respondents say that the top areas for automation include extending coverage, minimising false alerts, and optimising the operational efficiency of existing security resources and intelligence. The emphasis on holistic automation signifies a comprehensive approach to SecOps, incorporating intelligence optimisation and automated responses. This approach aims to improve overall efficiency, visibility, and intelligence utilisation amidst dynamic cybersecurity challenges.

Organisations are gearing up to prioritise SecOps investments in the next 12 months. The top five priorities include boosting network and endpoint security, empowering staff cyber awareness, elevating threat hunting and response, updating critical systems, and performing security audits. These priorities align with the evolving threat landscape and underscore the strategic focus on comprehensive cybersecurity measures.

“The integration of AI-assisted tools, reassessment of staffing, potential outsourcing, and increased automation emerge as imperative facets highlighted by the survey, emphasising the urgency for organisations to embrace automation strategically,” said Simon Piff, research vice-president, IDC Asia-Pacific.

Conducted between October and November 2023, the Asia-Pacific survey polled 550 IT leaders in organisations with a global headcount of 250–5,000+ employees. The study covers 11 markets: Australia, Hong Kong, India, Indonesia, Malaysia, New Zealand, Singapore, South Korea, Thailand, the Philippines, and Vietnam. The full version of the report is available online.