This looks a bit like the “blinding flash of the bleedin’ obvious” but it’s quite common to witness silo issues between SOC, Incident Response, IT Operations, and Network Operations teams (not to mention with business management):
RSA CONFERENCE 2020 – San Francisco – The security team, instead of operating in silos, can lower overall post-breach costs if it collaborates with other teams across the organization.
Cybersecurity is still a top priority for executive leadership, researchers say in Cisco’s “2020 CISO Benchmark Report.” The survey of 2,800 IT decision-makers reveals key trends and pain points as companies face issues such as alert fatigue, mobile security, and private cloud security.
Ninety percent of respondents agree business executives have created clear metrics for assessing the effectiveness of a security program. Time-to-detect ranks highest as a key performance indicator (KPI); however, for reporting to the C-suite or board, time-to-remediate is equally key because it represents the total impact of an incident: downtime, records affected, cost of investigation, lost revenue, lost customers, lost opportunities, and out-of-pocket costs.
Organizations reporting more than 100,000 records compromised in their most severe breach grew from 15% in 2019 to more than 19% in 2020. A major incident has the greatest effect on business operations (36%), followed by brand reputation (33%), finances (28%), intellectual property (27%), customer retention (27%), and supplier relationship (26%), researchers found.
Alert fatigue is a major issue when you consider the number of security products cluttering enterprise environments. There is a gradual trend to reduce complexity through vendor consolidation, with 86% of businesses using up to 20 vendors, and only 13% using more than 20. In 2019, 15% of companies used more than 20 vendors; in 2018, that number was up to 21%.