A new study, commissioned by Seemplicity, dives into the challenges security professionals face when dealing with the process of remediating security risks. The research highlight the obstacles involved in coordinating the remediation process and the consequences of lengthy remediation times, manual processes, and lack of oversight.
The survey, covering 108 cybersecurity professionals from companies with over 100 employees, reveals that:
Critical security risks take almost 4 weeks to be fully remediated, indicating that the entire process is measured in weeks, not days.
Organizations typically manage 3 to 5 security tools, which complicates and slows down the remediation process.
49% of security professionals struggle to identify the right person to contact for fixing or verifying risk resolutions.
97% would focus on proactive security tasks if the remediation process were more efficient, indicating a desire to allocate time to forward-looking activities.
A recurring theme is that excessive security tools and manual work across different teams hinder the ability to keep up with risk reduction and remediation demands.
Even if we can question the bias of a studies commissioned by vendors... let's take quantified insights where we can find them. Anyway, the findings are not surprising and are in line with other studies and the feedback from the field that we all have in cybersecurity. Now, let's focus on fixing these issues!