Security Programs - Adapting to Modern Identity Threats

Security programs are struggling against new identity threats. Small teams often lack the resources to adapt. Huntress reveals strategies for building resilience.


Original Reporting: Huntress Blog

AI Summary: CyberPings AI · Reviewed by Rohit Rana

🎯 Basically, security teams need to update their strategies to fight new types of cyber threats.

What Happened

Security programs are increasingly failing to address the evolving landscape of identity threats. Despite having tools and budgets, many teams are still unprepared for modern attacks. A recent survey by Huntress of over 1,000 IT and security professionals revealed that existing strategies are outdated and not aligned with current threats.

Who's Affected

Most affected are small to medium-sized security teams, often comprising just a handful of individuals. Many organizations rely on limited resources and shared responsibilities, which can hinder their ability to respond effectively to identity-based attacks.

Key Findings

The survey highlighted several critical issues:

  • Team Size: Most teams consist of 6-15 members, with many relying on a single individual for cybersecurity.
  • Budget: While three-quarters of teams rate their IT budget as adequate, the issue lies in clarity and decision-making rather than funding.
  • Alert Noise: A significant challenge is the overwhelming number of false alerts, with nearly two-thirds of teams reporting that at least 25% of their alerts are irrelevant.

The Real Problem

Security programs were designed for a different era, focusing on traditional malware detection rather than modern identity threats like business email compromise and account takeovers. This misalignment leaves teams feeling vulnerable and unprepared. As Jenko Hwong from Huntress points out, identity management has shifted from simple password protection to complex session and token management, which many teams struggle to handle.

Real-World Incident

An example from Huntress illustrates the importance of human judgment in identity threat detection. When a suspicious login was detected, the SOC team acted quickly to disable the compromised account. They further investigated the incident, uncovering multiple additional compromised accounts linked to the same suspicious activity.

AI's Role

AI is becoming an essential tool for small security teams, helping them manage high volumes of alerts and improve response times. Nearly half of the surveyed professionals view AI as critical for their security strategy, using it for threat detection, user behavior analysis, and incident response.

What You Can Do

To build a resilient security team, organizations should focus on several key areas:

  • Audit Alert Quality: Evaluate how many alerts lead to meaningful actions to reduce wasted time.
  • Focus on Identity: Treat identity as a primary attack surface and ensure visibility into session behaviors and permissions.
  • Clarify Roles: Ensure team members know their responsibilities during incidents to avoid confusion.
  • Design for Human Error: Create systems that account for human mistakes rather than assuming perfection.

Resilience in security is about making informed decisions under pressure, not just having more tools or personnel. Organizations must adapt their strategies to meet the challenges of today’s threat landscape, ensuring their security programs are fit for purpose.

🔒 Pro Insight

The findings underscore a critical need for security teams to evolve their strategies beyond traditional malware defenses to combat identity threats effectively.
