All UAE-based security leaders who have lived through a recent cyber incident believe that future prevention hinges on the training of people, and improvements in technology, and almost all (96%) want to see similar enhancements in processes. 
These critical findings emerged from research released from Trellix, as part of the company’s Mind of the CISO initiative. The report, titled “Mind of the CISO: Behind the Breach” was designed to better understand the unique challenges faced by CISOs and other high level security decision makers, in the aftermath of a cyber-attack.
Some of the key findings in the research focused on the extent to which gaps in people, technology and process contributed to a major cyber incident. In terms of people-readiness, 64% of respondents from the UAE said the incident was missed because of a lack of resources (for example, it may have occurred in off-shift hours). More than half (52%) of those polled said their organization lacked the IT skills to deal with the complexity of the incident.
In terms of impact of technology gaps, 52% cited gaps in security capability as a contributor to a security incident and 44% said their IT stack was not configured correctly or that detection policies were not enabled. Some 40% said that their IT and security tools did not provide adequate visibility to stop an incursion.
In a ripple effect, tech gaps, according to the poll, were leading to collapses in processes, with 52% saying workflows could not be fully executed because the tools were not in place to allow it. Almost half (48%) said their organization used too many manual processes, which had a negative impact on the mean time to detect (MTTD) or repair (MTTR).
And 44% cited a lack of properly documented and implemented processes while another 44% decried the lack of context arising from disconnected security controls.
The report revealed that post-breach analysis by UAE security leaders had, on average, concluded that change was necessary to prevent repeat occurrences.
Sixty per cent of those surveyed said their organization’s experience during the incident had caused it to completely rethink its cybersecurity strategy.
Almost all respondents (96%) agreed that some improvements were needed in their processes. And all agreed their organization had to make some improvements in terms of people and technology.
“Once again, we see the challenges faced by the UAE’s cybersecurity professionals,” said Vibin Shaju, General Manager, UAE at Trellix. “What is clear from what interviewees told us is that people, processes, and tech are three legs of stool. If you overemphasize one, the stool becomes wobbly and can topple. There must be balance. What we see in our survey are real-world examples of those who had wobbly stools, and what it cost them.”
In the context of their cyber incident, respondents were polled on the benefits of extended detection and response (XDR), the emerging approach in cybersecurity that brings together disparate security tools in a powerful single-pane solution.
Some 72% cited faster and more efficient threat detection and response. Among those respondents that did not have XDR deployed at the time of their incident, all agreed that the technology would have at least lessened the impact of the breach, and almost all (91%) believed it would have prevented the incident altogether.
“XDR is one of the best cybersecurity investments available today,” continued Shaju. “It offers improved, consolidated visibility by ingesting data from siloed security solutions. It offers automated analysis that yields insights that would be unlikely to emerge from manual processes. The security function is therefore empowered to carry out faster, more productive investigations because the platform has already prioritized avenues of inquiry. Here we can see an end to alert fatigue and the beginning of a new era of high morale in the SOC and less risk across the board. And if that is not enough to get security leaders thinking in a new direction, imagine making a business case for XDR in which you can say with confidence that the entire security stack, now consolidated and simplified, will have a lower total cost of ownership.”
“Every day our security professionals are under siege. Our ‘Mind of the CISO’ reports show this, not in theory but in fact. XDR lifts them up and lets them take the fight to the threat actor,” concluded Shaju.
