When an accounts payable manager at a South Carolina-based company fell for an email scam containing a vendor invoice worth over $1 million, she was promptly fired.
This real-world example is more common than not these days. Employees are scared. Why take the risk, when clicking a button to report a suspected phishing email is a simple way to reduce that fear?
Security operations center (SOC) analysts are frustrated, because they spend a whopping 7.11 hours per incident, on average, assessing false positives reported by employees; time that could be better applied to triaging true-phish attacks. SOCs are working around the clock with limited resources, due to the fact that 3 billion phishing emails are sent daily, and all it takes is one vulnerability to get past organizations’ current security measures, causing a catastrophic data breach.
In its latest Email Fraud and Identity Deception Trends, email security firm, Agari finds that SOCs that embrace automation save on average more than $11 million, annually. The problem is most SOCs are still reliant on manual processes.
The question is: Should the employee in finance, payroll, marketing or any department other than Infosec really be an email security and phishing email expert? Most email security experts say, “no.” At the CISO event Trust 2019, this topic – removing human vulnerability in phishing threats – dominated discussions. The elusive variable causing employee angst and missed savings at most SOCs is automation. Many SOCs still manually assess emails flagged as suspicious, making the need for SOCs to find ways to automate and accelerate the processes involved with incident response grow more urgent by the day.
Automation, underpinned with machine learning, drives the efficiencies most SOCs seek. When asked how cutting the time required for phishing incident response through automated processes would impact their overall breach risk, respondents to Agari’s quarterly survey estimated average risk reductions of 59 percent.
In the U.S., that figure rose 2 percent from the previous quarter’s survey, to an average 58 percent reduction in breach risk, while in the U.K., estimates rose 2 percent during the same period, to an average 50 percent reduction.
On a global basis, a 59 percent reduction in breach risk would result in a $708,000 decrease in annual breach risk for the average business.
“SOCs cannot hire analysts fast enough, so much so that the cybersecurity industry has nearly zero unemployment,” said Armen Najarian, Chief Identity Officer, Agari.
“The cybersecurity staffing gap is really a chasm. A clear and urgent need exists for SOCs to embrace automation to bring balance to the time and cost being spent on phishing incident response, in this era of low employment but high threat,” Armen added.
Headcount needs at large enterprises rose 23 percent quarter-over-quarter. Besieged by an incessant stream of phishing incidents, the average number of SOC analyst per organization topped 16.9, during the quarter up from 15.3 previously.
Based on the average 35,108 phishing incidents organizations face annually combined with the average time to remediate these incidents, the average SOC needs 136 analyst working 40 hours a week on nothing but incident response to remediate successfully all reported emails, legitimate phishes and false positive emails.
The average number of SOC analysts per organization in the Agari survey is 16.9, which indicates a staffing gap of at least 119 FTEs. “That number is enough to staff an entire red team,” Najarian noted.
“Email fraud is big business for the scammers; email fraud prevention is just as important as door locks, fences and other efforts to protect physical assets.”
The post #Privacy: $11m to be saved through phishing incident response, study says appeared first on PrivSec Report.