Due to the volume of vulnerabilities and threat alerts that cybersecurity professionals deal with every day, many are feeling overwhelmed and stressed by their jobs, according to a Bay Dynamics survey released on May 17.

“Security professionals are overwhelmed by endless threats and vulnerabilities and are unable to decipher which ones could cause the most harm,” said Ryan Stolte, co-founder and CTO at Bay Dynamics.

According to the report, 67 percent of government respondents said they feel overwhelmed by the number of vulnerabilities they have to address, and an equal number are overwhelmed by the number of threat reports generated by their monitoring systems. In addition, 50 percent reported high or very high stress levels because of their job responsibilities.

More than three-quarters of all respondents, which included security professionals from manufacturing, finance, government, and other industries, said that their patching approval process is largely manual. In fact, respondents said that half of all automated threat reports have to be re-prioritized manually, because the original prioritization was not correct.

“They lack confidence in their security tools’ prioritization capabilities, and thus end up manually stitching together the information needed to re-prioritize the most critical vulnerabilities and imminent threats,” said Stolte. “To relieve the pain, security teams need a system of record that automatically prioritizes threats and vulnerabilities based on financial impact to the organization, delivers that information to the individuals responsible for action, and provides updates of their mitigation status.”

“Considering most respondents say they need to rely on manual methods to manage threats and vulnerabilities, it is clear there is a façade in front of security program maturity which is spread throughout the management chain,” said David Monahan, security and risk management research director at Enterprise Management Associates, the research firm that conducted the survey. “When security professionals paint a rosier picture than reality, every role above them is falsely insulated leading to poor program decisions. That’s why transparency is essential. Everyone should have access to the same set of data at any moment in time.”

Read More About
More Topics
Jessie Bur
Jessie Bur
Jessie Bur is a Staff Reporter for MeriTalk covering Cybersecurity, FedRAMP, GSA, Congress, Treasury, DOJ, NIST and Cloud Computing.