A survey of 150 security decision makers in the U.S., published today, finds that close to two thirds of cybersecurity incidents (62%) involved issues that were previously known to be a potential threat.
Conducted by ZEST Security, the survey finds half of respondents work for organizations where 56% of risks identified can’t for one reason or another be remediated.
Overall, the survey also makes it clear that cybersecurity and IT teams are being overwhelmed by remediation requests. A full 87% of respondents said their organization’s backlog of ticket requests for remediation includes at least 100 critical security issues.
On average, 71% of organizations are opening new tickets per month, while nearly half of organizations (45%) are closing only ten, the survey also finds.
Application vulnerabilities are especially problematic. More than a third (38%) said it takes on average more than six weeks to remediate an application vulnerability found in a production environment, compared to nearly half (48%) that said that it takes 3.5 weeks to remediate a cloud misconfiguration. A total of 60% of respondents identified application and container vulnerabilities as being the most painful to remediate.
Additionally, the survey finds it now takes organizations on average 10 times longer to remediate a vulnerability than it does for cybercriminals to exploit them.
The biggest remediation challenges respondents cited are understanding the path for resolution (48%), identifying risks that can’t be remediated (26%) and determining the amount of effort required (25%). A total of 43% of respondents said a security engineer will spend six to eight working days each month reviewing, validating and prioritizing risks.
On average, the total annual cost of remediation is $2 million, the survey also finds.
ZEST Security CEO Snir Ben Shimol said given the limited remediation resources available, the survey makes it clear many cybersecurity teams need more help prioritizing these efforts using a platform that leverages artificial intelligence (AI) to pinpoint the root cause of a cybersecurity risk that has been identified. Armed with those insights it then becomes easier to triage remediation efforts based on not just the level of risk to the business but also the amount of effort required to implement a fix, he added.
In fact, the survey notes the functions that survey respondents most want to automate are triage and root cause analysis (73%), followed closely by identifying who should apply a fix where (70%) and their prioritization efforts (63%). Nearly half of respondents (53%) reported that their efforts to prioritize remediation responses resulted in a single fix being able to resolve multiple issues.
The level of automation being applied by security teams will naturally vary, but with the rise of AI, it’s clear more security functions will be handled by machines. The challenge now is not only identifying which tasks lend themselves best to be reliably automated by AI in a way that results in more critical vulnerabilities being resolved sooner than other issues that are not likely to be nearly as pressing. Otherwise, the engineers assigned to resolve cybersecurity issues will naturally focus on the ones that are easiest to close versus the issues that are actually most potentially lethal to the organization.
Recent Articles By Author