A new SANS survey being released in a two-part webcast on October 31 and November 1 finds that incident response (IR) teams have reduced the time it takes to stanch serious data breaches in 2018. But IR teams haven’t managed to improve on a major hurdle that they reported in last year’s edition of the survey: visibility into incidents. According to SANS author Matt Bromiley, poor visibility wasn’t the only obstacle that incident responders had to surmount during the past year. “We saw the enforcement of privacy rules and regulations, such as General Data Protection Regulation (GDPR), and increased PCI security requirements,” he says. That’s why the 2018 SANS Incident Response Survey focuses on the theme of “drowning out the ‘noise’ and seeking to focus on the sounds that matter,” Bromiley explains.
This year’s survey found gaps in response capabilities, including missed incidents and lack of visibility into incidents or data breaches. In fact, 32% of respondents were unsure of how many incidents they didn’t respond to. Further, 44% were attacked by the same threat actor more than once. “If your attacker is making money off of your environment or didn’t get what they came for, they will be back,” Bromiley warns. “IR teams must make sure they are containing and remediating fully.”
Other woes from 2017 persist as well, including shortage of staff and a want for more training and tools. More than half of survey respondents (52%) identified a shortage of staffing and skills as a key hurdle. Just behind that was a lack of budget for tools and technology (48%) followed by poorly defined processes and owners (44%).
There’s still work to do, to be sure, but there’s good news as well. As Bromiley says, “Despite these hurdles, some orgs are still showing great signs of improvement in their responsiveness.”