Recent surveys by Farsight and Anomali find that 57% of InfoSec pros work weekends, and nearly a third of survey respondents noted they work on average 10-hour days, but also, one in three state they lack effective intelligence to detect and action cyber threats.
The Farsight survey queried 360 IT cyber security professionals, and found 97% indicated they still find their jobs rewarding and that 85% plan to remain working in security, however 24 percent believe they are at least one year behind the average threat actor, with half of this sample admitting they are trailing by two to five years.
Among other findings are that 17 percent of respondents haven't invested in any threat detection tools such as SIEM, paid or open threat feeds, or User and Entity Behavior Analytics (UEBA). Two-thirds of respondents maintain fewer than 200 days of log data online for analysis and forensics, despite hackers often lurking undetected for this length of time.
The study shows that 80 percent of security professionals don't consult historical logs on a daily basis to investigate past exposure to threats. Plus only 13 percent compare historical logs with threat feeds or indicators of compromise daily.
The conclusion is clear, there is a massive information security overload: too much noise, not enough signal.
Since a significant amount of this noise is created by end-users, it's a good idea to get these employees stepped through new-school security awareness training so they are not causing malware infections on their workstation.
KnowBe4's integrated training and phishing platform allows you to send fully simulated social engineering attacks so you can see which users answer the emails and/or click on links in them or open infected attachments. If you have a Platinum subscription you can even send them "vishing" attacks straight to the phone on their desk.
See it for yourself and get a live, one-on-one demo.
PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser: