Last week we shared some statistics about the impact Phishing emails have and some baseline recommendations a business can implement to minimize the effect on their organization. Phishing dwell time is the time an organization has exposure to a phishing attack and similar to “attack dwell time”, industry experts generally acknowledge that once insider access is achieved, the impact of the attack could go unnoticed for days, week, and even months before it’s discovered and remediated. Verizon Data Breach Investigation Report1 has addressed this in prior years as “time to discovery.” Because Phishing attacks require some manual effort to research and resolve, the longer the response takes, the longer the dwell time is; the amount of time available to stop Phishing attacks is directly affected by constraints on resources and time.

IT professionals wear many hats. They are the evaluators of vendor solutions, implementers of technology, maintainers of operational components, project managers for custom initiatives the CEO wants completed, and teachers/trainers for employee issues. So how does one maintain all of these roles and also be a cyber security superhero considering they face both time and resource constraints. How do they reduce cost and still deliver value within a secure computing environment?

A typical day for an IT professional might involve “break-fix” IT issues, attending planning meetings, rolling out application patches, evaluating new or replacement solutions with vendors, helping the CEO with a custom project, and mentoring employees to use technology efficiently while reassuring them their endpoint is malware free and won’t crash on them. Whether providing desktop services for endpoints, maintaining phone systems, email gateways and servers, tweaking network services, working on application support and integrations, planning for future storage capacity as part of their business continuity plan, or allowing employees BYOD devices, with all of this to do, IT professionals need to assess how much time is spent on security monitoring and plan how much time can be spent on security monitoring. Acknowledging known constraints, IT professionals can build their security policies, processes and staff schedules to prioritize their workload, all while optimizing response times to Phishing attacks.

Constraints on Resources and Time

IT departments have constraints on both the resources available to them as well as their time.

  • Limited staff to manage the needs of the entire organization. Depending on the size and charter of an organization, an IT department may be staffed as 1:100 employee ratio2, and down to 1:18 ratio3. So while the ratio can vary widely, the number of employees per each IT staff member noticeably impacts helpdesk resolution times and the ability to tackle Phishing investigations with a timely response. Some organizations choose to outsource as a way to ease the demand. Past “Key IT Metrics Reports”4 from Gartner showed that depending on industry surveyed, as high as 22-28% of an IT security budget was allocated to outsourcing, and this had more than doubled in only a few years (based on data in the 2010 report).
  • Limited budget to implement additional solutions. A 2016 SANS survey (IT Security Spending Trends5) reported that between 4-9% of organizational budgets are spent on security and that as a percentage of overall budget is growing. However some organizations’ budgets remain flat. In fact, a more recent survey6 on IT Spending and Staffing Benchmarks shows that “52% of IT executives feel that their IT budgets are somewhat or very inadequate to meet the needs of the business.”
  • Limited time to research and respond to cyber security threats. Microsoft7 estimated that almost 70% of IT professionals have a significant issue with the timeliness of threat intelligence feeds, and only 31% rated them as very accurate. This means IT staff must deal with vetting the information themselves which not only takes time but resources too. “68% of security professionals say their time is consumed chasing down false alerts and sifting through more than 17,000 malware alerts each week.” A 2017 “State of the Network” study8 by AVAVI revealed that 88% of survey respondents responsible for the Enterprise network are involved in security investigations with 80% reporting an increase in the time they spend on investigations. Additionally, 75% reported spending up to 10 hours per week working exclusively on security issues. Lastly, over 50% reported an increased sophistication of attacks with 63% seeing a spike in email and browser malware.

There are links to additional free resources below that can help you learn more about Phishing and you can also check out EdgeWave Anti-Phishing Solutions:

Part 3 of this 4-part series will take a deeper look at how employee behaviors regarding cyber security impact the organization. Are there employee-initiated security issues and incidents that could be avoided? Is responding to these security issues another constraint on IT professionals’ time? And what can be done to stay ahead of highly-targeted and always-evolving Phishing threats that dwell in the network when there never seems to be enough time in the day to monitor, investigate and resolve it.

EdgeWave ePrism is up for a Cybersecurity Excellence Award. Be sure to cast your vote!

Join our next webinar, Phishing: Hook, Line and Sinker, on October 24, 2017 @8:00 a.m. PDT.

Supporting Resources:

National Cyber Security Alliance (NCSA):

STOP. THINK. CONNECT.™ is the global online safety awareness campaign to help all digital citizens stay safer and more secure online:

Department of Homeland Security Cybersecurity Toolkits:

Report Phishing:

1 – Verizon Data Breach Investigation Report:
2 – Help Desk: What is the optimal corporate IT staff to end user ratio?
3 – Do You Need More Help Desk Tier 2 Support Staff?
4 – IT Key Metrics Data 2014: Key Outsourcing Measures: Outsourcing Profiles: Overview
5 – IT Security Spending Trends:
6 – IT Spending and Staffing Benchmarks 2017/2018: IT Budget and Cost Metrics by Industry and Organization Size
7 – How much time do you spend on false security alerts?
8 – Nearly 90 Percent of Enterprise Network Teams Spend Time Troubleshooting Security Issues; 80 Percent Report More Time Spent on Security vs. Last Year