A shortage of security experts puts pressure on combating threats
Cybersecurity professionals are in such short supply across New Zealand and Australia that they are being placed under significant pressure to manage security alerts, a cyber expert says.
Glenn Maiden, director of threat intelligence operations at FortiGuard Labs Australia and New Zealand, the elite threat intelligence and research arm of cybersecurity solutions provider Fortinet, underscores the significant strain on security operations (SecOps) professionals in New Zealand.
SecOps—a term denoting a highly skilled capability combining an organisation’s security and IT operations staff—is increasingly seen as crucial for tackling the complex cyber threat landscape. According to a recent study by the International Data Corporation (IDC), commissioned by Fortinet, there is an average of one SecOps professional for every 180 employees in New Zealand-based companies.
This staffing ratio results in each professional handling approximately 33 alerts per day. Maiden emphasises the variable nature of these alerts: some are straightforward and quickly resolved, while others are complex, requiring extensive analysis and possibly days to address effectively.
In the standard eight-hour workday, SecOps staff have less than 15 minutes on average to investigate each alert. This timeframe is often insufficient for the more severe or intricate alerts, highlighting the need for business leaders to reassess their SecOps capacity and resource allocation to better handle potential threats.
Given the difficulty of recruiting SecOps professionals, Maiden says these pressures further complicate the task of keeping networks, devices and information secure in the face of increasing ransomware attacks and more insidious, sophisticated threats such as espionage.
In New Zealand in 2024, this includes challenges such as phishing attacks, unpatched vulnerabilities, insider threats and identity theft.
The IDC study revealed that 50 per cent of organisations rate phishing as their top concern, while 62 per cent of companies in New Zealand reported at least a twofold increase in ransomware incidents in 2023 compared with 2022.
Despite this, only 50 per cent of businesses across Asia-Pacific have dedicated IT resources for security teams. So why are organisations underinvesting in cybersecurity in the face of growing cyber threats?
“The recruitment issue isn’t to be underestimated,” says Maiden. “For companies already struggling to understand their attack surface and cyber risk profile, attracting and retaining scarce subject matter experts compound the challenge.”
High-profile data breaches have increasingly focused C-suite executives’ attention on the potential reputational damage such incidents can cause. This awareness is prompting a re-evaluation of cybersecurity strategies to mitigate risks and protect their businesses’ integrity.
In Australia, organisations now face significant fines for data breaches, adding a strong financial incentive to enhance security measures. However, according to Maiden, the absence of comparable financial penalties in New Zealand doesn’t offer the same motivation to bolster cybersecurity.
“Company boards put a lot of focus on health and safety because they can put a price on it; there are big penalties for breaches,” he says.
“Cybersecurity has been less tangible, with boards accepting risks even if they don't fully understand them. That approach is no longer viable given the catastrophic impact that a cyber issue can cause.”
However, Maiden says there is plenty New Zealand businesses can do, even with thinly spread SecOps teams and economic headwinds putting pressure on budgets.
Automation in SecOps is playing a crucial role, with 84 per cent of respondents to the IDC survey reporting that they have embraced automation and orchestration tools in their SecOps.
However, the survey revealed ample scope for greater use of automation and artificial intelligence (AI), particularly in streamlining response triage, incident containment, remediation and recovery.
“Fortinet has heavily embraced automation,” says Maiden. “We analyse substantial volumes of network traffic every day. If we see an emerging threat, our AI will determine whether it’s something we are already protecting against or if we need to adapt with a new countermeasure.”
“From this point, we can proactively push out the new protections to every customer on the planet.”
He says optimising automation will help SecOps teams deal with the alert fatigue that sees precious time currently eaten up responding to lower-level threats.
“The idea is to automate as much as possible, so an organisation’s most valuable resources—its people—aren’t dealing with 33 security alerts a day, just the ones that really matter.”
Cybersecurity priorities identified by New Zealand companies for the next year include boosting network and endpoint security, empowering staff cyber awareness, elevating threat hunting and response, updating critical systems and performing security audits.
“These are all critical steps to take to deal with the evolving threat landscape,” says Maiden.
“Having a consolidated suite of tools to automate and make everything as lightweight and efficient as possible is the future of cybersecurity. Fortunately, that’s Fortinet’s specialty. We are no one-trick pony. We offer nearly 60 cybersecurity products, and we match them to the particular needs of a business and its risk profile. That’s how we can take on these threat actors together.”