Inadequate resources hinder security teams

Security teams are being hindered from adopting desired risk analysis and threat modeling procedures by inadequate resources, SecurityWeek reports. Ninety-nine percent of IT professionals and executives from medium to large firms reported wanting security posture improvements and 67% said they wanted to perform tool upgrades, which were being hampered by lacking expertise, integration concerns and excessive tools, a survey by Dimensional Research for Netenrich revealed. The report also showed that risk management, incident analysis and threat modeling were cited as respondents' key priorities but less than 40% reported practicing threat modeling and only 30% said they managed external attack surfaces. Moreover, 47% have sought managed service providers but only 17% of MSPs were able to perform threat modeling as the organizations desired. "Developing a rich, continuous threat modeling practice marks a powerful juncture in pivoting from event- or alert- to risk-driven cybersecurity. When those surveyed were asked to elaborate on the value of threat modeling, respondents expressed a clear desire to become more proactive and to determine the likelihood and cost of an attack succeeding," said Netenrich Principal Threat Hunter John Bambenek.