Hiring More Security Experts – Will it Improve Cybersecurity?

This post is also available in: עברית (Hebrew)

While hackers have been constantly reaching out for new technologies, information security teams are also obliged to adopt advanced technological methods in order to confront them. A new research has revealed the “patching paradox” — hiring more security experts does not equal better cybersecurity for organizations experiencing cyber threats and breaches. But the research has found that as long as the prioritization and screening processes of the security threats are carried out manually and are lacking important features, the organization’s security level would not improve even if additional employees will be recruited for the task.

The research, Security Threats Prioritization and Management (Today’s State of Vulnerability Response), was carried out by ServiceNow which commissioned the Ponemon Institute to survey nearly 3,000 cybersecurity professionals. Respondents were based in Australia, France, Germany, Japan, the Netherlands, New Zealand, Singapore, the United Kingdom, and the United States, and represented companies with more than 1,000 employees. The survey was administered online.

According to the findings, 48% of the organization experienced cyber breaches during the last two years’ 57$ of the victims reported that the breaches were carried out through an exposure for which the software patch was already prepared.

Only 34% were aware of the fact that their software was vulnerable.

Companies that avoided breaches rated their ability to patch vulnerabilities in a timely manner 41% higher than those that had been breached. 37% of the victims reported that they do not monitor software vulnerabilities.

64% of the participants said they were planning to hire an average of four additional employees for dealing with security threats in the coming year. However, hiring more employees alone is not enough for optimizing the management of information security threats, claims ServiceNow. Routine automation processes and the prioritization of threats will help organizations avoid the “patching paradox” and allow time for critical activities directed at decreasing the number of breaches.