So Many Incidents, So Few Security Staff to Handle Them

The 11 Essentials of Enterprise Security

How many security incidents do you think your company has each day?

Whatever number you come up with, chances are, you’ve underestimated. According to Damballa’s Q1 2014 State of Infections Report, the average enterprise network has 10,000 security-related events per day.

And for some companies, that 10,000 number is on the low side, as eSecurity Planet reported:

The most active, according to the report, see around 150,000 events per day. “No enterprise security team could possibly correlate evidence for 150,000 events daily to find true infections,” the report notes. “Manually piecing together disparate data facts is a painstaking, labor-intensive process.”

To this InfoSecurity Magazine added:

Damballa’s report analyzed 50% of North American ISP internet traffic and 33% of mobile traffic, plus large volumes of traffic from global ISPs and enterprise customers. In addition to the average event data, Damballa also discovered that large, globally dispersed enterprises were averaging 97 active infected devices each day and leaking an aggregate average of more than 10GB of data per day.

The problem is this: Who has time or staff to manually check the data? (Although I know someone whose internship responsibilities were just that – cull through mountains of data to look for potential security events.) And, the report added, even if you do have someone to trawl through all of that information, it takes a lot of time. It is one of the reasons why breaches and other security flaws take so long to find.

It’s easy to look at this report, see these large numbers, and come to the conclusion that infections have become too overwhelming for the average business. But in my opinion, that’s not the only, or even the primary, takeaway. The report also highlights the lack of skilled security personnel out there. Over the years, I’ve spoken with many chief security officers and high-level security staff who admitted that they were IT guys first but pulled into security because it “had to do with computers so you know what to do, right?” Infections, breaches, vulnerabilities, attacks of all kinds have become so much more sophisticated that trying to keep abreast of security requires very specific skills. Except there aren’t enough skilled workers. As Brian Foster, CTO of Damballa stated in a release:

We are already facing a profound scarcity of skilled security professionals, which the latest Frost & Sullivan figures estimate will equate to a 47% shortfall by 2017. If we compound this fact with the increase in data breaches and the scope of work required to identify a genuine infection from the deluge of security events hitting businesses every day, we can see why security staff are struggling to cope.

This isn’t a new problem, of course, but without skilled security professionals, breaches like the one that Target experienced will only increase and, worse, it will take longer to uncover them. The only people who win then are the bad guys.