Time to Reimagine Security Response

Data breaches are inevitable, and yet the fallout from an event can undermine a brand’s reputation and financial standing.

The average cost for a serious breach has climbed to $4 million, and the risks are only growing.[1] Ransomware attacks on companies increased by 35% last year and spear phishing increased by 55%.[2]

In this environment, the work of Chief Information Security Officers (CISOs) is ever more important and complicated. They must protect their organizations from an evolving variety of threats, while under scrutiny from across the C-suite and their boards to better mitigate risk.

Under pressure, it’s time to rethink strategy.

Since CISOs can’t completely prevent the threats, they need to refocus their teams and peers on strengthening their response to security risks.

This strategy requires a three-pronged approach: increase investment in automation; focus on prioritizing threats based on business criticality; and make better use of talent.

Nearly 300 CISOs agree, according to a study recently published by ServiceNow.

Step 1: Automate More

Many organizations rely on manual, decentralized systems for tracking security incidents. In fact, 28% of CISOs in our survey say manual processes are a barrier to effective security. But processes could look different in the near future: While just one-third of our respondents automate more than 40% of their security processes today, two-thirds plan to automate that amount in three years. And the tasks being automated are increasingly sophisticated as well. To improve their ability to respond to threats in a timely manner, CISOs should work to orchestrate processes and automate response and remediation tasks. And by working off a common platform with IT and other functions, security operations could automate faster and smarter, enabling a smooth prioritization process.

Step 2: Leverage Automation to Prioritize

Automation helps organizations prioritize and respond to threats in real time, yet 70% of organizations surveyed say it is difficult to prioritize security alerts based on the importance of the data under attack. This failure to prioritize can paralyze organizations that try to address all threats equally, given that they can be hit by thousands of cyberattacks daily. CISOs recognize the problem: a large majority of CISOs (84%) say that prioritizing security alerts in the context of the larger business is critical to the success of their security function. These results echo Enterprise Strategy Group (ESG), which reported that nearly 75% of executives surveyed said that incident response tends to be based upon informal processes.

Step 3: Allow Humans to Focus on Complex Tasks

By prioritizing threats through automation, CISOs can deploy their limited human resources to make better decisions, respond more quickly to threats and breaches, and anticipate future dangers. This is the job these professionals were hired to do, rather than cataloging hundreds of suspicious emails. Optimizing the talent at hand is critical since there is a shortage of skilled security workers. Currently, though, few companies have enough skilled security professionals who understand their company’s strategic operations and the broader threat environment in a way that allows them to prioritize security threats—just 7% of CISOs say this skill is highly developed.

By refocusing on how to best respond to security threats, CISOs can bolster the success of their companies, increase employee satisfaction by automating menial tasks, and help protect business-critical functions first. Designed with these outcomes in mind, ServiceNow’s security offering helps CISOs and their teams streamline their security response and act on threats faster and more effectively than ever before.

[1] Ponemon Cost of Data Breach Study, Ponemon Institute, June 2016.

[2] Internet Security Threat Report, Symantec, 2016.