Firms find threat hunting tasks increasingly challenging: Study

Executing essential cyber security tasks such as threat hunting is becoming increasingly challenging for most Indian organisations, according to a research report published on Wednesday by UK-based cybersecurity firm Sophos.  

In cyber security, threat hunting is an approach in which security experts or ‘threat hunters’ proactively search for security risks hidden within an organisation’s network. Unlike more passive cyber security threat detection systems, this method actively seeks out previously undetected, unknown, or non-remediated threats that could have evaded the organisation’s network, believe experts. 

The new report titled “The State of Cybersecurity 2023: The Business Impact of Adversaries on Defenders,” found that 97% of Indian organisations find execution of security operation tasks, such as threat hunting extremely challenging.  

These challenges also include an understanding of how an attack happened, with 88% of respondents stating they have challenges identifying the root cause of an incident. This can make proper remediation difficult, leaving organisations vulnerable to repetitive and multiple attacks, by the same or different adversaries, especially since 82% of those surveyed reported challenges with timely remediation, the study said. 

In addition, 84% respondent said that they have challenges understanding which alerts to investigate, and 83% reported challenges prioritising investigations. 

"Today's threats require a timely and coordinated response. Unfortunately, too many organisations are stuck in reactive mode. Not only is this having an impact on core business priorities, but it also has a sizeable human toll, with over half of global respondents stating that cyber-attacks are keeping them up at night,” said John Shier, field CTO, commercial, Sophos.   

These findings were also likely the result of the ongoing cyber security skills shortage that Indian organisations are facing which puts them at greater cyber risks. Another report published by cybersecurity firm Fortinet on Tuesday also noted that 84% of the surveyed organisations in India said that the unfilled IT positions due to cyber skills shortage have led to additional cyber threats.  

“The report shows that over 80% of respondents find it challenging to hire certified professionals, which puts organisations at risk. To strengthen their security postures and stay ahead of the growing cyber threat landscape, it's essential for organisations to prioritise cybersecurity training and upskilling,” said Vishak Raman, vice president of sales, India, SAARC & Southeast Asia at Fortinet.  

The Sophos report also points to the fact that a lack of skilled personnel makes investigating alerts take longer. For example, the study noted that 45% of organisations surveyed said that Cyberthreat are now too advanced for their organisation to deal with. This reduces the security team’s capacity and increases the organisation’s exposure to higher levels of risk.