What are some of the biggest challenges that security professionals face? That is the question Jon Oltsik, an industry analyst, posed while conducting quantitative research with security professionals.

The research surfaced issues such as:

  • coping with alert storms
  • addressing the dangerous threat landscape
  • managing a multitude of point tools
  • scaling manual processes
  • staffing shortages

But one challenge came up consistently in almost every completed survey, and it was often the most frequently cited.

So, what is this challenge?

Security professionals report that their teams do not spend enough time on strategy and process improvement, because that time is consumed by sorting out emergencies and high-priority issues.

This issue comes up consistently and across the board. But what are the implications?

The team spends so much time putting out fires that they are fighting the battle every single day.

Thankfully they do, and they deserve our gratitude and respect.

But at what cost? Are they...

Cutting corners: 

When the days are spent in reactive mode and the job is chaotic because fires continually need putting out, there is a significant downside. Firstly, in reactive mode there is less time to think. You do what you can to put out the fire and then move on to the next hot spot; there is no time to really think things through.

In other words, when faced with constant emergencies, the team is likely cutting corners and making compromises: a quick fix, then move on.

In addition, incident response is generally tribal knowledge: each individual's own choice of fire extinguishers, blankets, and hoses rather than tried-and-true processes and methods. Processes that have been tested and tried lessen the complexity, uncertainty, and time it takes to deal with an emergency.

Burnt out: 

Facing a stream of emergencies day after day takes its toll on a person. Security operations teams are usually overworked, understaffed, and working in a highly stressful environment.

So it comes as no surprise that research from ESG and the Information Systems Security Association (ISSA) indicates that security professionals agree there is an unhealthy level of stress associated with their jobs: 71% agree. That is a sure-fire recipe for ineffective and inefficient cyber security operations, as teams struggle with mental health problems, a toxic workplace, and staff attrition.

Poorly prepared for future attacks: 

If you're always in reactive mode, responding to emergencies, there is less time to be proactive in other important areas such as training, testing, and process improvement.

Knowledge and skills become stale and ineffective over time because cyber attacks are constantly evolving; relying on what the team once knew leaves it outdated. Keeping up with training is therefore important.

The right tools for the job matter too. It's no use bringing a water pistol to a house that's on fire; you need a fireman's hose.

5 practices to reduce security fire drills

If security teams are challenged by a constant state of emergency response, CISOs would do well to address the situation as a matter of urgency.

Here are five things CISOs can do that will help to reduce the fire drills:

  • Improve security hygiene and posture management
  • Segment networks to reduce the attack surface
  • Capture the actions taken by experienced security professionals and turn them into formal automated security processes
  • Operationalise the MITRE ATT&CK framework to guide activities like security engineering, testing, and alert triage
  • Augment overworked staff with help from security service providers
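To make the third and fourth practices concrete, here is an added example that is not part of the original post or of the ESG/ISSA research. It writes down, as a small automated triage playbook, what an experienced analyst otherwise does by hand: collapse an alert storm into one row per host and ATT&CK technique, rank the rows by how far along the kill chain the technique sits and how critical the asset is, and report which tactics have no detection rule at all. The detection rule names, hostnames, asset weights and tactic weights are assumptions chosen for illustration; the ATT&CK technique IDs and tactic names are real, but the lookup table is deliberately tiny.

```python
"""Added example (not the original author's code): an automated triage
playbook that captures analyst judgement as code and uses MITRE ATT&CK
tactics to rank alerts. Alert data below is constructed for illustration."""
from collections import Counter
from dataclasses import dataclass

# Partial ATT&CK lookup: technique ID -> (name, tactic). These entries are
# real ATT&CK techniques; a production tool would load the full STIX bundle.
ATTACK = {
    "T1566": ("Phishing", "initial-access"),
    "T1059": ("Command and Scripting Interpreter", "execution"),
    "T1003": ("OS Credential Dumping", "credential-access"),
    "T1021": ("Remote Services", "lateral-movement"),
    "T1071": ("Application Layer Protocol", "command-and-control"),
    "T1486": ("Data Encrypted for Impact", "impact"),
}

# Assumed weights: later kill-chain stages mean the attacker has progressed
# further, so they are triaged first.
TACTIC_WEIGHT = {
    "initial-access": 1, "execution": 2, "command-and-control": 3,
    "credential-access": 4, "lateral-movement": 5, "impact": 6,
}
# Assumed asset criticality multipliers; anything not listed counts as 1.
CRITICAL_ASSETS = {"dc01": 3, "fileserver01": 2}

# Assumed mapping from detection rule name -> ATT&CK technique. This is the
# tribal knowledge being turned into a formal, reviewable artefact.
RULE_TO_TECHNIQUE = {
    "phishing_attachment_opened": "T1566",
    "suspicious_powershell_encoded": "T1059",
    "lsass_memory_read": "T1003",
    "smb_admin_share_logon": "T1021",
    "mass_file_rename_extension": "T1486",
}


@dataclass(frozen=True)
class Alert:
    host: str
    rule: str


@dataclass
class TriageItem:
    host: str
    technique: str   # ATT&CK ID, or "unmapped" when the rule is unknown
    tactic: str
    count: int       # how many raw alerts collapsed into this row
    score: int       # tactic weight x asset criticality


def triage(alerts):
    """Group raw alerts by (host, technique) and rank them for the analyst."""
    groups = Counter((a.host, RULE_TO_TECHNIQUE.get(a.rule)) for a in alerts)
    items = []
    for (host, tid), n in groups.items():
        if tid is None:
            # Unknown rule: keep it visible at low priority rather than drop it,
            # so the mapping table gets fixed instead of the alert being lost.
            tactic, weight = "unmapped", 1
        else:
            tactic = ATTACK[tid][1]
            weight = TACTIC_WEIGHT[tactic]
        score = weight * CRITICAL_ASSETS.get(host, 1)
        items.append(TriageItem(host, tid or "unmapped", tactic, n, score))
    # Highest score first; within equal scores, the noisier cluster first.
    items.sort(key=lambda i: (i.score, i.count), reverse=True)
    return items


def coverage_gaps():
    """Tactics in the weighting table that no detection rule covers: a
    starting list for security engineering and testing work."""
    covered = {ATTACK[t][1] for t in RULE_TO_TECHNIQUE.values()}
    return sorted(set(TACTIC_WEIGHT) - covered)


# Constructed alert storm: 40 noisy PowerShell hits on one workstation, one
# credential dump on a domain controller, two admin-share logons, and one
# alert from a rule nobody has mapped yet.
SAMPLE_ALERTS = (
    [Alert("ws-17", "suspicious_powershell_encoded")] * 40
    + [Alert("dc01", "lsass_memory_read")]
    + [Alert("fileserver01", "smb_admin_share_logon")] * 2
    + [Alert("ws-03", "new_vendor_rule_42")]
)

if __name__ == "__main__":
    for item in triage(SAMPLE_ALERTS):
        print(f"{item.score:3d} {item.count:3d}x {item.host:<13} "
              f"{item.technique:<8} {item.tactic}")
    print("tactics with no detection rule:", coverage_gaps())
```

The point of the ranking is visible in the output: 40 raw alerts on ws-17 collapse into a single row that sits below one credential-dumping alert on the domain controller, and the unknown rule surfaces at the bottom rather than silently disappearing. The coverage check turns the same table into a backlog for proactive work, which is exactly the kind of activity that gets squeezed out in firefighting mode.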

Of course, security professionals already know these solutions. But teams can stay stuck in emergency mode year after year.

If we allow our security teams to continue in firefighter mode, how can we expect anything to change?

And if change is needed, we must be prepared to change things up.
