Date: 2024-03

Fortinet, a global cybersecurity provider, has disclosed findings from a recent survey conducted by IDC, shedding light on the state of Security Operations (SecOps) across the Asia-Pacific region. This survey, sponsored by Fortinet, offers crucial insights into the existing SecOps scenario, with a particular focus on the significance of Artificial Intelligence (AI) and automation.

It delves into multiple facets such as prevalent security methodologies, the frequency and repercussions of attacks, response times, alert fatigue, the status and influence of automation in SecOps workflows, and obstacles to skill enhancement within the SecOps sphere. Noteworthy discoveries from India are as follows:

Current Security Challenges: Threats and Team Readiness

Most Common Cyber Threats: In India, phishing and insider threats stand out as the leading cyber threats, with around 50% of organizations identifying them as their primary concerns. The top five threats comprise phishing, insider threats, ransomware, unpatched vulnerabilities, and identity theft.

Ransomware Surge: In India, ransomware incidents have seen a twofold rise, with 70% of organizations noting a doubling in occurrences from 2022 to 2023. Phishing and malware remain the primary avenues for these attacks, while other notable vectors include social engineering, insider threats, and zero-day exploits.

Insider Threats and Remote Work: Eighty-eight percent of the survey participants believe that remote work has resulted in a rise in insider threat occurrences. Factors such as inadequate training, insufficient employee support, and ineffective communication are cited as contributors to this increase, highlighting the importance of addressing human elements in cybersecurity measures.

Resourcing IT Security Teams: Just 44% of businesses allocate dedicated IT resources for their security teams. This exacerbates the difficulties organizations encounter in bolstering their security protocols.

Impact of Emerging Technologies: Hybrid work arrangements, the integration of AI, and the convergence of IT/OT systems present notable challenges. Among these, the adoption of cloud technology emerges as a key hurdle, affecting organizational susceptibility to cyber threats.

SecOps SOS: Struggles with Alert Fatigue and Threat Containment

Threat Containment and Preparedness: Roughly one in three surveyed organizations voice apprehensions about their lack of adequate resources for containing threats. This dissatisfaction underscores the urgent necessity of fortifying cybersecurity capabilities to efficiently combat evolving cyber threats. Alarmingly, three out of four organizations neglect to conduct regular risk assessments, compounding the difficulty of promptly detecting threats.

Alert Fatigue: Over half of the surveyed enterprises encounter an average of 221 incidents daily, while two out of five enterprises contend with over 500 incidents each day, resulting in alert fatigue. The primary alerts encountered are suspicious emails (phishing) and multiple failed login attempts, underscoring the critical need for focused training on phishing awareness. Furthermore, alerts related to malware or virus detections, suspicious user behavior, and unusual network traffic also contribute to alert fatigue.

Workload and Time Constraints: Typically, there's just one SecOps professional for every 214 employees, with each professional handling roughly 48 alerts per day. This workload imposes considerable pressure on cybersecurity experts, affording them approximately 10 minutes to address each alert during an 8-hour workday. Such time constraints underscore the importance of streamlined processes, automation, and prioritization to manage the workload effectively.

False Positives and Response Time: The issue of false positives remains prevalent, with 74% of respondents indicating that at least a quarter of the alerts they receive are false positives. Top contributors to this include email security alerts/phishing, traffic spike alerts, user account lockout alerts, and cloud security alerts. Furthermore, 82% of teams require more than 15 minutes to validate an alert, emphasizing the necessity for automation.

Skills Development: Eighty-eight percent of respondents struggle to maintain their team's skills abreast of the swiftly evolving threat landscape. In the survey, participants prioritize automation capabilities (62%) as a crucial skill for Security Operations Centre (SOC) teams, underscoring the increasing significance of automation in cybersecurity. This, combined with the capacity for multitasking, critical thinking, and possessing the right certifications, emphasizes the evolving skill set required to combat dynamic cyber threats.

Automation in SecOps: Current Adoption and Future Possibilities

High Adoption and Untapped Potential: Every surveyed organization has integrated automation and orchestration tools into its security operations, emphasizing the widespread acknowledgment of their efficacy in strengthening cybersecurity strategies. However, despite the prevalent adoption of automation tools, the survey indicates that organizations have not fully realized the complete potential of these technologies. Areas identified for enhancement include streamlined response triage, incident containment, remediation, recovery, and threat containment.

Productivity Gains: Remarkably, approximately 96% of respondents have witnessed substantial productivity enhancements, with automation being credited for at least a 25% improvement in incident detection times.

Future Plans and Focus Areas for Optimization: Organizations are proactively pursuing the optimization of automation processes to establish a more efficient cybersecurity framework. Looking forward, a notable portion of organizations (60%) across Asia-Pacific intend to implement automation and orchestration tools within the next 12 months. Strategically, organizations are prioritizing the utilization of automation tools to streamline response triage, expedite incident containment, and reduce recovery time.

Beyond Threats: SecOps Preparedness and Future Priorities

Faster Threat Detection and Response Takes Center Stage: Organizations acknowledge the crucial role of automation in facilitating swift and effective detection and response to cyber threats, demonstrating a proactive stance in enhancing their security resilience. Survey findings reveal that 70.7% prioritize expedited threat detection, while 58.5% aim to enhance overall threat detection capabilities through automation.

Holistic Automation for Enhanced Security Operations: More than 50% of respondents indicate that the primary areas for automation encompass maximizing visibility, automated responses, and threat intelligence, as well as optimizing the operational efficiency of existing security resources and intelligence. The focus on comprehensive automation indicates a thorough approach to security operations, integrating intelligence optimization and automated responses. This strategy aims to enhance overall efficiency, visibility, and the utilization of intelligence amid dynamic cybersecurity challenges.

Future Security Operations Priorities: Organizations are preparing to prioritize investments in security operations over the next 12 months. The top five priorities include enhancing network and endpoint security, enhancing staff cyber awareness, strengthening threat hunting and response capabilities, updating critical systems, and conducting security audits. These priorities are aligned with the changing threat landscape and highlight the strategic emphasis on comprehensive cybersecurity measures.

Insights by the Key Representatives on this Survey

Simon Piff, Research Vice-President, IDC Asia-Pacific: “Securing modern IT infrastructures requires a continuous commitment to vigilance, proactivity, and adaptability amid challenges posed by hybrid work, AI, and cloud technologies. This dynamic shift from static controls to a risk-centric cybersecurity posture aligns seamlessly with the evolving technological landscape. The integration of AI-assisted tools, reassessment of staffing, potential outsourcing, and increased automation emerge as imperative facets highlighted by the survey, emphasizing the urgency for organizations to embrace automation strategically.”

Rashish Pandey, Vice President, Marketing & Communications, Asia and ANZ, Fortinet: “In the ever-evolving threat landscape, organizations grapple with a spectrum of cyber threats targeting their digital assets. Fortinet's Security Operations Solutions, underpinned by advanced AI, not only address the pressing need for automation but also provide a comprehensive strategy for incident detection and response. Our commitment to empowering organizations in navigating the dynamic cybersecurity terrain is showcased through innovative solutions. These include an impressive one-hour (less in most cases) average time to detect and contain threats, an 11-minute investigation and remediation average, a staggering 597% ROI, a doubling of team productivity, and a substantial $1.39 million reduction in expected breach costs.”

Vivek Srivastava, Country Manager, India & SAARC, Fortinet: “In the ever-evolving cybersecurity landscape, 70.7% of organizations prioritize faster threat detection through automation. At Fortinet, we recognize the imperative of swift detection and response as the cornerstone of an enhanced cybersecurity posture. Automation plays a crucial role in promptly identifying and responding to cyber threats, minimizing the window of vulnerability. Our customers' experiences underscore this urgency, with a transformative reduction from an average of 21 days to just one hour for detection, driven by AI and advanced analytics. This signifies a fundamental step in fortifying cybersecurity defenses, where time to detect and respond is paramount. Automation, in this context, emerges as the linchpin in navigating the challenges of today's dynamic threat landscape.”