The issue of cross-team cooperation in addressing cybersecurity threats is becoming increasingly complex, as different tools used to classify the severity of threats often contradict each other. According to Tamnoon, a cloud security vendor, CNAPP tools have been found to label the same potential threat differently, with one tool deeming it as “informational” while another identifies it as a critical issue. This discrepancy has led to organizations struggling to prioritize and manage the overwhelming volume of critical alerts, resulting in alerts remaining unresolved for extended periods of time.
The growing complexity of software has also contributed to longer resolution times for fixing flaws. Veracode’s report reveals that the time taken to address software flaws has increased by 47% since 2020, and the number of applications containing high severity flaws has nearly tripled in the same period. While identifying flaws has become easier with advanced technology, the real challenge lies in fixing them, as stated by the report authors.
To address these challenges, experts recommend carrying out more frequent application testing and scanning, in addition to providing comprehensive security training to analysts. Another proposed solution is to focus on reducing overall security debt within organizations, which involves continuously improving code quality and actively searching for vulnerabilities.
By implementing these strategies, organizations can enhance their cybersecurity posture and reduce the risk of falling victim to cyber threats. It is crucial for all stakeholders to work together cohesively and leverage the latest technologies and practices to stay ahead of increasingly sophisticated cyber threats.