Security and risk management leaders have more information at their disposal than ever before. However, the sheer amount of data is not helping to solve problems. They are struggling to know what threats they really need to be concerned about. It’s an issue that can’t be ignored. In 2021, corporate cyber-attacks rose by 50 percent, and government and military sector attacks rose by 47 percent.

Dealing With a Growing Data Deluge

“We are drowning in information but starved for knowledge,” as John Naisbitt put it.

According to a recent survey, security teams are suffering from high levels of stress over the overwhelming amount of security data and alerts. The survey polled 2,303 IT security and SOC decision makers across companies of all sizes and verticals. The survey found that:

  • 70 percent of respondents say their home lives are being emotionally impacted by managing threat alerts
  • 51 percent feel overwhelmed by the volume of alerts
  • 55 percent aren’t confident in their ability to prioritize and respond

With all the available tools and solutions at their disposal, how should security and risk management leaders prioritize and consolidate data into actionable items? Before we jump into solutions and recommendations, let’s first break down a few important reasons why this is happening.

Data is Worthless If It Can’t Communicate: You are either dealing with not having enough data or having far too much. For most security and risk management leaders, it is the latter. Data is pouring out of logs across a variety of applications, networks, and other sources, but none of it is correlated with the rest in a way that makes it operational. It ends up being a lot of noise that makes it impossible to prioritize and act on. According to Gartner®, “it is not unusual to see these types of organizations consuming 8-15 or more sources of threat intelligence across multiple styles like free/open source, computer emergency response team (CERT), information sharing and analysis centers (ISAC) and commercial providers.”
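To make the point concrete, here is an added example (not code from LookingGlass or from this post) of the first step that lets feeds “talk to each other”: three differently formatted intelligence feeds are parsed into one shared schema, duplicates are collapsed, and each indicator is ranked by how many independent sources corroborate it. The three feed payloads, the source names (`osint-feed`, `vendor-feed`, `cert-list`) and the indicator values are all constructed for this example and do not refer to real providers or real infrastructure.

```python
"""Normalize indicators from several differently formatted threat-intel feeds
into one schema, then rank them by how many independent sources agree.
All three feed payloads below are constructed for this example; the source
names are hypothetical and are not real providers."""
import csv
import io
import json
import re
from collections import defaultdict

# Constructed sample feed 1: an open-source CSV feed (hypothetical "osint-feed").
# Note the repeated row: feeds often contain their own duplicates.
OSINT_CSV = """indicator,type,confidence
198.51.100.23,ip,60
bad-example.invalid,domain,80
198.51.100.23,ip,60
"""

# Constructed sample feed 2: a commercial provider's JSON export (hypothetical "vendor-feed").
VENDOR_JSON = json.dumps({
    "objects": [
        {"value": "198.51.100.23", "kind": "ipv4-addr", "score": 0.9},
        {"value": "BAD-EXAMPLE.invalid", "kind": "domain-name", "score": 0.7},
        {"value": "203.0.113.9", "kind": "ipv4-addr", "score": 0.4},
    ]
})

# Constructed sample feed 3: a plain-text CERT/ISAC style blocklist (hypothetical "cert-list").
CERT_TEXT = """# blocklist published 2022-01-01 (constructed)
198.51.100.23
203.0.113.9
"""

# Map each feed's own type vocabulary onto one shared vocabulary.
TYPE_MAP = {"ip": "ipv4", "ipv4-addr": "ipv4", "domain": "domain", "domain-name": "domain"}
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_osint_csv(text):
    """Yield (value, type, confidence in 0..1) from the CSV feed."""
    for row in csv.DictReader(io.StringIO(text)):
        yield row["indicator"], TYPE_MAP[row["type"]], int(row["confidence"]) / 100


def parse_vendor_json(text):
    """Yield (value, type, confidence in 0..1) from the JSON export."""
    for obj in json.loads(text)["objects"]:
        yield obj["value"], TYPE_MAP[obj["kind"]], float(obj["score"])


def parse_cert_text(text):
    """Plain list: infer the type from the value; the list publishes no confidence, so assume 0.5."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        yield line, ("ipv4" if IPV4_RE.match(line) else "domain"), 0.5


FEEDS = {
    "osint-feed": (parse_osint_csv, OSINT_CSV),
    "vendor-feed": (parse_vendor_json, VENDOR_JSON),
    "cert-list": (parse_cert_text, CERT_TEXT),
}


def consolidate(feeds=FEEDS):
    """Merge all feeds into {(type, value): {"sources": set, "confidence": max}}.
    Values are lower-cased so the same domain spelled differently collapses to one record."""
    merged = defaultdict(lambda: {"sources": set(), "confidence": 0.0})
    for name, (parser, payload) in feeds.items():
        for value, itype, conf in parser(payload):
            rec = merged[(itype, value.lower())]
            rec["sources"].add(name)
            rec["confidence"] = max(rec["confidence"], conf)
    return dict(merged)


def rank(merged):
    """Order indicators so those corroborated by the most sources come first;
    ties are broken by the highest confidence any single source assigned."""
    return sorted(merged.items(),
                  key=lambda kv: (len(kv[1]["sources"]), kv[1]["confidence"]),
                  reverse=True)


if __name__ == "__main__":
    for (itype, value), rec in rank(consolidate()):
        print(f"{len(rec['sources'])} sources  conf={rec['confidence']:.2f}  {itype:6} {value}")
```

Six raw rows from three feeds collapse to three records, and the indicator seen by all three sources sorts to the top. The design choice worth noting is that ranking uses source agreement before vendor confidence scores: each provider's score is on its own scale, so corroboration across independent feeds is the more reliable first-pass prioritization signal.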


No Requirements For Procurement: Generally, there seems to be a lack of defined priority intelligence requirements (PIR) to guide procurement. In most cases this is hard for security risk leaders to identify because they haven’t done a risk assessment for the business. They need to identify how and where cybersecurity’s role will improve the organization. For example, if ransomware is a huge issue for your organization, your PIR should define what ransomware intelligence you need and how it relates to your environment. You need a foundational understanding of your digital footprint, the PIRs associated with it, and how that data is relevant to you.

Framing Your Response: In addition to information overload, security and risk management leaders can also be overwhelmed by cybersecurity frameworks. For example, the MITRE ATT&CK framework offers significant benefits over more traditional cybersecurity frameworks. However, you need to understand what it is and what resources are required to make it work. Because of the added level of knowledge needed, some security and risk professionals find the MITRE ATT&CK database difficult to apply, pointing to guidance such as the following: “This technique cannot be easily mitigated with preventive controls since it is based on behaviors performed outside of the scope of enterprise defenses and controls. Efforts should focus on minimizing the amount and sensitivity of data available to external parties.” At LookingGlass, we feel that this isn’t always the case. With the right tools and team, you can identify the information you need and prioritize how to leverage it.

Having The Right Resources: Every 11 seconds there is another cyber-attack. Every year threat actors are moving faster and more efficiently than ever. You need the right resources and people at your disposal to protect your organization. That can be difficult in an industry that is suffering from a talent shortage. Without the right people, there’s not enough time for proper risk assessment and management. Organizations are slow to prioritize, identify, and respond to critical cybersecurity incidents.


Organizations are drowning in data and information, so don’t let data get the best of you. Take control and acquire the right set of solutions for your organization.

If your organization is struggling to know what threats they really need to be concerned about, LookingGlass can help. Contact us today to talk about how we can support you.

About Gartner:

*Gartner, Market Guide for Security Threat Intelligence Products and Services, John Collins, Ruggero Contu, Mitchell Schneider, Craig Lawson, Published 10 December 2021.

GARTNER® is a registered trademark and service mark of Gartner®, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Gartner® does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner® research publications consist of the opinions of Gartner®’s research organization and should not be construed as statements of fact. Gartner® disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.