Saryu Nayyar | Forbes.com
Of all the potential threats to business continuity—supply chain disruption, pandemic shutdowns, inflation, etc.—what is most concerning to business risk management experts? It turns out they lose the most sleep worrying that cyberthreats will hurt their companies. This is according to the Allianz Risk Barometer, an annual report based on a global survey of risk management professionals. For the second year running, cyberthreats top the list with 44% of the responses.
These concerns are well founded. The firewall vendor Check Point Software reports that in the last quarter of 2021, cyberattack attempts reached a record high, leaping to 925 attempts per week per company. Researchers at ThoughtLab concur with the increase in threats, claiming in their report “Cybersecurity Solutions for a Riskier World” that the average number of data breaches and cyberattacks in 2021 grew 15.1% over the previous year (download required). The number of material breaches suffered by respondents to ThoughtLab’s survey rose 20.5% from 2020 to 2021.
With more threats sending the risk level higher, companies are responding with higher budgets to combat cyberthreats. Gartner just released research indicating that spending on information security and risk management will grow 12.2% in 2022, and by 2026, spending will undergo a compound annual growth rate of 11.0%.
Are cybersecurity budgets being wasted?
Even as companies throw more money toward their cybersecurity budgets, businesses aren’t getting the value they expect from their investments. It’s the cybersecurity professionals themselves who claim their companies are wasting money.
At the June 2022 RSA Conference, which was attended by thousands of the world’s foremost cybersecurity authorities and practitioners, my company conducted a survey of attendees to discover what they believe are the biggest challenges to their security operations. We gained a lot of insight, but perhaps one of the most surprising findings is that half (53%) of the responding businesses feel they have wasted more than 50% of their cybersecurity budget and still cannot remediate threats.
Forty-three percent of survey respondents say their number one challenge in threat detection and remediation is an overabundance of tools, while 10% of organizations lack effective tools for remediating cybersecurity threats.
This is not to suggest that cybersecurity budgets should be cut, but that prudence is needed in the way funds are spent.
The cybersecurity practitioners told us they couldn’t be effective in detecting and mitigating threats because they have too many tools to manage and an overwhelming number of unprioritized alerts coming in at once. The irony is that although organizations may feel that adding more tools to the security mix would create a more secure environment, doing so actually reduces the effectiveness of their cybersecurity posture by sending the security staff in too many directions at once.
For many, the time to detection is too long.
Over a quarter of survey respondents can detect threats in real time, and one-third can detect threats within hours. Real time is certainly the optimal situation, as some of today’s sophisticated attacks can begin delivery and execution of harmful malware within minutes of gaining a foothold on a network or endpoint. Ransomware, for example, can take as little as 15 minutes from the initial infection of a system to complete encryption/destruction of essential files and backups.
That’s why it’s troubling that 33% of those surveyed shared that it takes them days and even weeks to detect threats. Worse yet, over 6% say they are still unable to detect threats at all. With the tools available today, no organization should be in a position where they are unable to detect threats that could seriously affect their business. Being proactive in the approach to security is critical to help stand up against the volatile threat landscape.
More security tools don’t necessarily make things better.
While quick threat detection is critical, it’s not the end game. Threats must be mitigated or neutralized to prevent or minimize harm to the organization. One-third of the security professionals have spent hundreds of thousands of dollars attempting to remediate threats. Fifteen percent spent millions on this effort. This shows that organizations persistently pursue threat investigations to detect and stop malicious actors. But sadly, a good number of the solutions they’re using don’t deliver the results they advertise.
Let’s take a deeper look at the cybersecurity professionals’ complaints about relying on too many tools. For many organizations, this is a throwback to legacy processes to monitor disparate systems, meaning that one tool is used to monitor network devices. Another is used to monitor desktop devices. A different tool is used to oversee OT or IoT devices. There are tools for cloud environments, others for on-premises use and still more for coding and development processes. Many are deployed for a specific purpose.
In fact, according to Ponemon Institute’s Cyber Resilient Organization Report 2020, the average number of security solutions and technologies in use by enterprises is 45. This study says that companies are better able to respond to a security incident when fewer individual tools are used.
Converge the data for better analysis and prioritization of threats.
No single cybersecurity tool or platform is ever going to address all needs. Tools are highly specialized for a reason. What companies need to do, however, is move toward convergence of the critical data from the disparate tools into a single source. Here the threat indicator data can be contextualized, analyzed and correlated using machine learning and artificial intelligence tools and, ultimately, prioritized according to risk. This will reduce the number of dashboards and alerts that security analysts need to follow and direct them to the most important threats that must be addressed first.
Companies that are able to do this will find better value in the tools they have, see their security operations staff become more efficient and effective and take a major step toward becoming a more resilient organization.
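The convergence step described above can be sketched in a few lines. This is an added example, not code from the article or from any vendor: the three tools, their field names, the sample alerts and the scoring formula are all constructed assumptions, and a simple rule-based score stands in for the machine learning correlation the article mentions.

```python
from collections import defaultdict

# Constructed sample alerts from three hypothetical tools, each with its own schema.
NETWORK = [{"src_host": "ws-041", "sig": "beaconing to rare domain", "sev": "high"},
           {"src_host": "ws-107", "sig": "port scan", "sev": "low"}]
ENDPOINT = [{"hostname": "WS-041", "rule": "office app spawned shell", "priority": 3},
            {"hostname": "WS-220", "rule": "unsigned driver load", "priority": 2}]
CLOUD = [{"resource": "ws-041", "finding": "impossible-travel login", "score": 8.5},
         {"resource": "db-prod-2", "finding": "public snapshot", "score": 6.0}]

# Assumed mapping of the network tool's severity words onto a 0-10 scale.
SEV_WORDS = {"low": 2.0, "medium": 5.0, "high": 8.0}

def normalize(network, endpoint, cloud):
    """Map each tool's record onto one schema: (entity, source, detail, severity)."""
    out = []
    for a in network:
        out.append((a["src_host"].lower(), "network", a["sig"], SEV_WORDS[a["sev"]]))
    for a in endpoint:  # assumed 1-4 priority scale, stretched to 0-10
        out.append((a["hostname"].lower(), "endpoint", a["rule"], a["priority"] * 2.5))
    for a in cloud:     # assumed to be on a 0-10 scale already
        out.append((a["resource"].lower(), "cloud", a["finding"], float(a["score"])))
    return out

def prioritize(alerts, asset_weight=None):
    """Correlate alerts by entity and rank entities by an illustrative risk score.

    score = peak severity * (1 + 0.5 per additional independent source)
            * asset criticality weight (default 1.0)
    """
    asset_weight = asset_weight or {}
    by_entity = defaultdict(list)
    for entity, source, detail, sev in alerts:
        by_entity[entity].append((source, detail, sev))
    ranked = []
    for entity, items in by_entity.items():
        sources = {s for s, _, _ in items}
        peak = max(sev for _, _, sev in items)
        score = peak * (1 + 0.5 * (len(sources) - 1)) * asset_weight.get(entity, 1.0)
        ranked.append({"entity": entity, "score": round(score, 2),
                       "sources": sorted(sources),
                       "evidence": [d for _, d, _ in items]})
    return sorted(ranked, key=lambda r: r["score"], reverse=True)

if __name__ == "__main__":
    for row in prioritize(normalize(NETWORK, ENDPOINT, CLOUD), {"db-prod-2": 1.5}):
        print(row)
```

Six alerts across three consoles collapse into four ranked entities, and the host flagged independently by all three tools rises to the top even though no single alert about it was the most severe on its own tool's scale.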