According to my company’s State of the SIEM survey, 97% of security professionals report being confident in their ability to stop adversaries and cyberattacks. Yet, 83% of organizations suffered more than one data breach last year. It’s hard to be a security professional and not look at the glass half-empty. 

What’s causing the disconnect? Our survey has some of the answers. 

We surveyed 500 IT security professionals in the U.S. to learn more about the security information and event management (SIEM) market and the state of cybersecurity overall. It produced some surprising observations about what’s driving the increase in cyberattacks despite industry professionals feeling more confident than ever. 

Here’s what we found: 

1. Prevention Over Detection

As the cyber landscape continues to evolve, it’s important that organizations focus on both prevention and detection, rather than one or the other. 

A driving force behind the sheer magnitude of breaches is that adversaries are already inside networks. Despite this hard reality, the survey revealed that 65% of security professionals still prioritize prevention over detection, investigation, and response and only a little over a third (33%) said detection was the highest priority – and company leaders are putting money where the security teams’ mouth is. 

According to the survey, nearly 71% of security teams spend approximately 21–50% of their security budgets on prevention, but only 59% invest the same percentage in threat detection, investigation, and response metrics (TDIR). In order to slow the increase in cyberattacks, it’s critical to change perspectives and realign investments to focus on adversary alignment. Doing so will improve incident response and remediation. 

2. Burnout Continues to Be a Pain Point

Burnout continues to be a thorn in the side of the cybersecurity industry. With high-pressure situations, tight turnarounds, and a rapidly evolving threat landscape, burnout affects not only individuals, but organizations as well. With high burnout rates, organizations are at risk of an increased susceptibility to errors, higher turnover, and unaddressed vulnerabilities. 

Security teams are struggling to keep pace with adversaries due to blind spots and consistent false alarms. Out of all the survey respondents, only 11% of security professionals could spot malicious behavior in less than an hour, 52% can find threats in one to four hours, and 34% need five to 24 hours. Unfortunately, adversaries can cause serious harm in a short amount of time, and often start data exfiltration minutes into an attack. 

Compounding the problem is that organizations over-rely on their top analysts, putting additional strain on single individuals, resulting in 51% of professionals being extremely concerned that burnout from productivity issues could result in a loss of top talent within the organization.

3. Compromised Credentials Are at the Center of Most Breaches 

According to the survey results, 90% of security experts are dealing with compromised credential incidents, showing that this attack vector has become an adversary’s most powerful tool. Prevention solutions simply can’t detect compromised credentials. And if these are the patterns observed in the U.S., where the survey was conducted, it is likely much worse in other regions such as EMEA and APAC. 

4. SIEM Complications May Be Fueling the Problem 

Forty-six percent of respondents currently operate more than one cloud or on-premises SIEM platform, and among those, the majority (64%) are very confident that they can detect cyberattacks on behavior alone. Fifty-nine percent of those with two or more platforms are also very confident.  

But if security professionals are so confident, why are breaches still happening? It could be because of the complexity between using multiple SIEM platforms. Only 17% of security professionals can see 80–100% of the network. That leaves over 80% of analysts without full visibility, which makes it very likely that security teams have blind spots and adversaries are lurking in the background undetected. 

At first glance, the findings seem to indicate that we’re all doomed, but this is hardly the case. Fortunately, when organizations invest in detection tools, such as cloud-native SIEMs, that have automated insights and behavioral analytics, practitioners are in a much better spot to detect, investigate, and respond to adversaries and burnout is minimized. Having the right tools can minimize burnout and staff turnover, allow organizations to cut costs by eliminating redundancies in the security stack, and provide full visibility. 

The glass may be half-full after all.