Fortinet®, the global cybersecurity leader driving the convergence of networking and security, has revealed the outcomes of a new survey conducted by IDC on the state of security operations (SecOps) in the Asia-Pacific region. The survey, commissioned by Fortinet, provides valuable insights into the current SecOps landscape, emphasising the role of artificial intelligence (AI) and automation. It explores various aspects, including prevalent security practices, attack frequency and impact, detection and response times, alert fatigue, the status, and impact of automation in SecOps workflows, and challenges related to skill development within the SecOps domain. Key findings from Australia report include:

Current Security Challenges – Threats and Team Readiness

• Most common cyber threats: Ransomware is the predominant cyber threat in Australia, with 56 per cent of organisations ranking it as their top concern. The top five threats include ransomware, phishing, unpatched vulnerabilities, insider threats, and supply chain attacks.
• Ransomware surge: Ransomware incidents have doubled across Australia, with 62 per cent of organisations reporting at least a two times increase in 2023, compared to 2022. Phishing and malware are the primary attack vectors. Other significant vectors include social engineering attacks, supply chain attacks, and zero-day exploits.
• Insider threats and remote work: 62 per cent of the respondents feel that remote work has led to an increase in insider threat incidents. Insufficient training, lack of employee care, and inadequate communication contribute to this surge, emphasising the need to address human factors in cybersecurity.
• Impact of emerging technologies: Hybrid work, AI, and information technology (IT) and operational technology (OT) system convergence pose significant challenges. Cloud technology adoption emerges as a primary challenge, impacting organisational vulnerability to cyber threats across Asia-Pacific.
• Resourcing IT security teams: Only 50 per cent of businesses across Asia-Pacific have dedicated IT resources for security teams. This augments the challenges faced by organisations in strengthening their security measures.

SecOps SOS: Struggles with alert fatigue and threat containment

• Threat containment and preparedness: Approximately 60 per cent of the surveyed organisations across Australia express concerns about being underequipped for threat containment. This dissatisfaction highlights the critical need for enhancing cybersecurity capabilities to effectively counter evolving cyber threats. Alarmingly, three out of four organisations do not conduct regular risk assessments, exacerbating the challenge of timely threat detection.
• Alert fatigue: More than 50 per cent of surveyed enterprises experience an average of 221 incidents per day and two out of five enterprises grapple with over 500 incidents daily, leading to alert fatigue. The top two alerts faced are suspicious emails (phishing) and malware or virus detections, highlighting the imperative for targeted training on phishing awareness. Additionally, account lockouts, suspicious user behaviour, and multiple failed login attempts contribute to alert fatigue.
• Workload and time constraints: On average, there is only one SecOps professional for every 207 employees, each of whom manages over 50 alerts daily. This workload places significant pressure on cybersecurity professionals, allowing them less than 10 minutes to address each alert within an eight hour workday. The time constraint underscores the necessity for efficient processes, automation, and prioritisation to effectively manage the workload.
• False positives and response time: The challenge of false positives persists, with 76 per cent of respondents noting that at least 25 per cent of the alerts they receive are false positives with email security alerts/phishing, user account lockout alerts, and software patching updates being the top contributors. 90 per cent of teams take more than 15 minutes to validate an alert, highlighting the need for automation.
• Skills development: All (100 per cent) of respondents find it challenging to keep their team’s skills updated with the rapidly changing threat landscape. Survey respondents prioritise the ability to automate (62 per cent) as a key skill for Security Operations Centre (SOC) teams, highlighting the growing importance of automation in cybersecurity. This, along with the ability to multi-task and critical thinking, right set of certifications, underscores the evolving skill set needed in the face of dynamic cyber threats.

Automation in SecOps: Current adoption and future possibilities

• High adoption and untapped potential: A significant majority (78 per cent) of organisations have embraced automation and orchestration tools in their SecOps, underscoring the widespread recognition of their value in fortifying cybersecurity strategies. Despite the prevalent adoption of automation tools, the survey suggests that organisations have yet to fully harness the complete potential of these technologies. Opportunities for improvement are identified in areas such as streaming response triage, incident containment, remediation, recovery, and threat containment.
• Productivity gains: Notably, around 92 per cent of respondents have experienced significant productivity gains, with at least a 25 per cent improvement in incident detection times attributed to automation.
• Future plans and focus areas for optimisation: Organisations are actively pursuing the optimisation of automation processes to establish a more streamlined cybersecurity framework. Looking ahead, a significant number of organisations (60 per cent) across Asia-Pacific express their intent to implement automation and orchestration tools within the next 12 months. Strategically, organisations are focusing on leveraging automation tools to streamline response triage, accelerate incident containment, and minimise recovery time.

Beyond threats: SecOps preparedness and future priorities

• Faster threat detection and response takes centre stage: Organisations recognise the pivotal role of automation in enabling rapid and efficient detection and response to cyber threats, reflecting a proactive approach in bolstering their security resilience. Survey results highlight that 80 per cent want to leverage automation to maximise visibility, automated responses, and threat intelligence.
• Holistic automation for enhanced SecOps: Over 60 per cent of respondents say that the top areas for automation include extending coverage and enhance scalability and capabilities of security teams and optimising the operational efficiency of existing security resources and intelligence. The emphasis on holistic automation signifies a comprehensive approach to SecOps, incorporating intelligence optimisation and automated responses. This approach aims to improve overall efficiency, visibility, and intelligence utilisation amidst dynamic cybersecurity challenges.
• Future SecOps priorities: Organisations are gearing up to prioritise SecOps investments in the next 12 months. The top five priorities include boosting network and endpoint security, empowering staff cyber awareness, elevating threat hunting and response, updating critical systems, and performing security audits. These priorities align with the evolving threat landscape and underscore the strategic focus on comprehensive cybersecurity measures.

Simon Piff, research vice-president, IDC Asia-Pacific, said, “Securing modern IT infrastructures requires a continuous commitment to vigilance, proactivity, and adaptability amid challenges posed by hybrid work, AI, and cloud technologies. This dynamic shift from static controls to a risk-centric cybersecurity posture aligns seamlessly with the evolving technological landscape. The integration of AI-assisted tools, reassessment of staffing, potential outsourcing, and increased automation emerge as imperative facets highlighted by the survey, emphasising the urgency for organisations to embrace automation strategically.”

Glenn Maiden, director of threat intelligence operations, FortiGuard Labs, Australia and New Zealand, Fortinet, said, “In the ever-evolving cybersecurity landscape, 70.7 per cent of organisations prioritise faster threat detection through automation. At Fortinet, we recognise the imperative of swift detection and response as the cornerstone of an enhanced cybersecurity posture. Automation plays a crucial role in promptly identifying and responding to cyber threats, minimising the window of vulnerability. Our customers’ experiences underscore this urgency, with a transformative reduction from an average of 21 days to just one hour for detection, driven by AI and advanced analytics. This signifies a fundamental step in fortifying cybersecurity defences, where time to detect and respond is paramount. Automation, in this context, emerges as the linchpin in navigating the challenges of today’s dynamic threat landscape.”

About the IDC survey

IDC conducted a survey with 550 IT leaders who make or influence security decisions for their organisations. Conducted between October and November 2023, the Asia-Pacific survey looked at organisations with a global headcount of 250–5,000+ employees. The study covers 11 markets: Australia, Hong Kong, India, Indonesia, Malaysia, New Zealand, Singapore, South Korea, Thailand, the Philippines, and Vietnam. The findings are published in an IDC Executive Summary, sponsored by Fortinet, State of SecOps: Asia-Pacific Braces Against Phishing, Ransomware Surge and Alert Fatigue, Urging Swift Adoption of AI, and Automation for Security Operations, doc #AP72351X, December 2023

About Fortinet

Fortinet is a driving force in the evolution of cybersecurity and the convergence of networking and security. Our mission is to secure people, devices, and data everywhere, and today we deliver cybersecurity everywhere you need it with the largest integrated portfolio of over 50 enterprise-grade products. Well over half a million customers trust Fortinet’s solutions, which are among the most deployed, most patented, and most validated in the industry. The Fortinet Training Institute, one of the largest and broadest training programs in the industry, is dedicated to making cybersecurity training and new career opportunities available to everyone. FortiGuard Labs, Fortinet’s elite threat intelligence and research organisation, develops and utilises leading-edge machine learning and AI technologies to provide customers with timely and consistently top-rated protection and actionable threat intelligence.

Learn more at https://www.fortinet.com, the Fortinet blog, and FortiGuard Labs.