By Augusto Barros, VP and Cybersecurity Evangelist, Securonix
A May 2022 study and ebook, “Cybersecurity Solutions for a Riskier World”, by ThoughtLab seeks to answer the age-old question, “How can organizations drive the best cybersecurity performance in a world of escalating digital risks?” Many of its findings are both eye-opening and relevant to all organizations that are looking to strengthen their cybersecurity posture.
ThoughtLab interviewed cybersecurity experts and conducted a benchmark study of cybersecurity investments, practices, and performance at more than 1,200 companies in 14 market sectors and 16 countries. Respondents ranged from C-suite executives to direct reports with responsibility for cybersecurity, and the widely respected NIST Framework was used to measure the level of progress organizations had made in tackling cybersecurity.
[Figure: Respondents by industry]
Here are just a few of the findings from “Cybersecurity Solutions for a Riskier World”:
We’re entering a new era of cybersecurity risk and complexity, thanks to—among other factors—the pandemic-driven digitalization and transformation of business and work, a trend towards partner and supplier ecosystems, and evolving technologies such as the multi-cloud, IoT, and 5G. Material breaches rose by almost 25 percent in 2021. Organizations are increasing their spending in cybersecurity to try to adapt to this new environment.
Many organizations are not ready for this new era. Even before the war in Ukraine, 27% of executives, a whopping 40% of chief security officers, and a third of CISOs said their organizations were unprepared for the rapidly evolving threat landscape. Respondents cite, among other reasons, partner and supplier risk, cybersecurity initiatives that don’t keep up with digital transformation, inadequate budgets, lack of executive support, and a shortage of skilled workers.
The cybersecurity skills shortage is a key impediment to high performance. It’s no surprise that the most advanced cybersecurity performers tend to have larger IT, OT, and cybersecurity staff than lower performers, and that those employees make up a larger percentage of the overall staff count. They also have more cybersecurity specialists as a percentage of their IT staff than most organizations.
Unfortunately, hiring experienced cyber professionals will only get more challenging as organizations upgrade their cybersecurity strategies to confront the changing security landscape. In fact, the report concludes that the global cybersecurity workforce would have to grow by 65% to keep up with expected demand.
ThoughtLab cites outsourcing as one solution for organizations that can’t get the cybersecurity expertise in-house. In fact, organizations that are more advanced in the NIST Framework tend to outsource their security operations centers, bug bounty programs, and privacy management.
However, automation may be another solution, as we discuss in “Automation, the Key to the Cybersecurity Skills Shortage”. The automation offered by advanced next-gen SIEM platforms can help organizations stay ahead of, prioritize, and respond to a large number of emerging threats, allowing staff to focus their resources on the most critical ones. We don’t expect automation and AI to fully replace humans, but organizations must reach higher productivity levels in threat detection and response to mitigate the pressure to hire more resources as the intensity of threats and the volume of data grow.
A risk-based approach to cybersecurity is a key to high performance. Leaders in risk-based management saw fewer security incidents and material breaches in 2021 than beginners. In fact, those ahead in their NIST implementation tended to have a strategy centered on a risk-based approach and supply chain risk management, which are vital in this era of pandemic supply chain disruptions and geopolitical challenges from the war in Ukraine. Organizations that are most advanced in supply chain risk management show faster times to detect, mitigate, and respond to such attacks.
To succeed, organizations must move from simple detection to continuous monitoring, particularly for anomalies and detected events, according to the report. Organizations in the NIST advanced stage tend to have these areas well covered, but the gulf between them and lower performers is very wide.
Investing in advanced SIEM and SOAR solutions, such as those offered by Securonix, can help drive better monitoring and results. A SIEM delivers more visibility and data points to help teams make more granular decisions and makes it easier to filter and spot patterns in huge amounts of security data, but only if it has the right analytical capabilities, according to the report.
The good news is that organizations better understand the importance of increased visibility and threat detection and response capabilities. The study found that more than a quarter of organizations have invested in SIEMs, with just under a quarter planning to make a substantial investment over the next two years. Users cite a host of benefits that advanced SIEMs provide, including faster threat detection and higher quality security data, particularly for SIEMs supported by advanced analytics.
The growth of cloud and multi-cloud computing is also driving SIEM upgrades to newer solutions that can accommodate the scale and integrate well with cloud infrastructure and applications. A COO of a German healthcare provider said that his most effective security investment was a SIEM.
Organizations are embracing automation at record levels for accurate detection, workflow optimization, and response time acceleration. The report found that 29% of organizations with better incident dwell time use AI and ML, compared to 17% of organizations with poor dwell time performance. Automation is also a great way to supplement staff work at a time when cyber talent is in short supply, according to the report. A CISO of a US energy firm said that automation can actually help attract cyber talent, as recruits know they won’t be spending a lot of time working on lower-level mundane tasks.
29% of organizations with excellent dwell time performance use AI and ML vs. 17% of those with poor dwell time.
High performers draw on the latest technology but avoid product proliferation. The survey found that organizations that have not experienced breaches have invested in both fundamentals, such as email security and identity management, and more specialized tools, such as cloud access security brokers, cyber risk models, and SIEMs. They take a multivendor approach but prioritize consolidation over product proliferation. More advanced organizations have made more progress in tool and infrastructure consolidation than lower performers. Mature consolidation trends, such as the convergence of SIEM, UEBA, and SOAR, are good opportunities for organizations trying to keep product proliferation under control.
This is only a small sample of the findings. You can get a very comprehensive view of the factors that drive organizational cybersecurity success by downloading “Cybersecurity Solutions for a Riskier World” or you can also listen to a very enlightening webinar on the topic here.