Integrated visibility and automation needed to combat threats

The ISMG Cybersecurity Complexity Study sponsored by ReliaQuest suggests enterprises are adopting tool unification to boost visibility and automation as managed services growth overcomes skills shortage to enhance threat detection and response capabilities.

New cyber security research focused on large European enterprises suggest an expanding attack surface due to cloud transformation, staff shortages and poor visibility are leading to systemic weaknesses – prompting leaders to focus on threat intelligence, automation and integrating disparate tools in the upcoming year.  About a quarter of respondents plan to invest in managed services to boost their security operations capabilities by extending them with outside expertise.

 

The ISMG Cybersecurity Complexity Study sponsored by ReliaQuest looked at enterprises within the UK, Benelux, France and Germany to explore the causes and impact of complexity on cyber security alongside challenges, priorities, and planned investment decision for 2022.

 

Challenges

In terms of challenges, the study found that the sophistication of adversaries and attacks that ‘evolve faster than enterprises can adapt’ was the single biggest issue for 60% of respondents. This was followed closely by lack of skilled staff (40%) and lack of visibility across disparate tools that are hard to integrate (33%). This lack of visibility theme was persistent throughout the research with 67% stating that ‘improved visibility would do the most to improve efficiency of detection, investigation and response.

 

As the report editor, Tom Field, SVP of Editorial at ISMG says, “These are actually encouraging statistics because they show respondents not only understand they have a problem, but they know the problem is a lack of visibility created by complexity.”

 

The report identifies the main cause of complexity for 47% of enterprises is due to “too many tools that don’t integrate easily.” The second biggest source of complexity was identified by 43% of enterprises as ‘too many devices – managed and unmanaged – connected to the network’ This is further compounded by ‘cloud migration and digital transformation’ that is sighted by 33% of respondents as a significant cause of complexity.  Thus a combination of factors are creating blind spots driving inefficiencies across the threat detection and response process and the inability to combat emerging threats and protect the enterprise. 

 

Priorities

“The survey also highlights the reality of ongoing staff shortages but there seems to be a realisation that fresh recruitment alone is not going to solve the problem,” says John Fedoronko, Vice President of Sales, EMEA for ReliaQuest, “The data suggests that many see a combination of automation and more use of managed services as the best path to strengthen security over the next few years – with the survey finding that just 1 in 3 enterprises (34%) is prioritising in-house cyber security investment compared to over half (51%) that are looking for external assistance.”

 

Investment

The current situation of cyber security tool sprawl and staff shortage leading to complexity has also prompted a shift in 2022 investment plans.  Although 87% said they expect increased or level funding for cybersecurity, when asked about strategy - only 11% stated that new tools were their number one priority. In fact, a higher number (12%) stated that a reduction in cyber security tools and/or vendors was a primary aim.

 

By far the largest investment signals for just over one-quarter of respondents (28%) was a goal to “improve visibility,” while 24% are gearing investments towards automation. The report also found that to improve security operation, more enterprises are looking to external managed security services (37%) which surprisingly overtook In-house management of products (33%).

 

“It is clear, especially when you talk to larger enterprises that they are not prepared to just throw more  resources at the problem through additional point tools that don’t solve the underlying complexity issue, “ says Fedoronko, “It’s evident that enterprises see automation as a way of overcoming many of the challenges they face, but all the data suggest that unless they can achieve better integration between tools and raise visibility – the underlying complexity will remain and they will continue to be challenged with managing and reporting risks and keeping up with the pace of change of the business.”

 

Unification before automation

This sentiment is echoed by ISMG’s Tom Field, “One’s instinct might be to run toward automation as the next big solution. But what do you get if you automate complexity? More efficient complexity. The key is to fix the foundation – unify the disparate tools that are inhibiting visibility and creating complexity. Then you can add a layer of automation to give your human defenders a better fighting chance,” he says, “When you’ve accomplished unity and introduced automation, then you want to operationalize this new power, and it becomes about talent. You may not have the sheer numbers of people necessary; if you do, then perhaps not the right skill sets. More tools will not solve this problem. More talent will. If you lack the skills in-house, then look to a third party or managed service.”


Research shows ‘game needs to be changed,’ with security innovation years behind that of the attackers, the board a decade behind security discussions and regulation needing more industry input.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that the UK’s Mid-Market IT Leadership expects to see a shortfall in IT spend in 2022. While 52% of IT decision-makers believe their 2021 budget met the ambitions of their team, there seems to be less certainty and confidence about future finances — 61% think their budget will need to increase in 2022, but only 13% expect it to.
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and operational cloud services that is unique on the market, enabling clients across the world to meet the challenges of managing their data in the edge to cloud continuum, in line with the highest jurisdictional data governance requirements. Part of the Atos' OneCloud initiative, Atos OneCloud Sovereign Shield is a comprehensive edge to cloud platform ecosystem and highly secure service that improves the level of control clients have over the data they produce and exchange, helping them regain control and effectively deal with legal dependencies.
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets across Europe with further expansion into APAC planned.
Research from Avast has found that employees in almost a third (31%) of Small and Medium Businesses (SMBs) in the UK are connecting to the corporate network using personal devices that do not have any security controls in place, according to IT Decision Makers (ITDMs) within SMBs.
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53% offer backup services.
Trend Micro has published new research revealing that 90% of IT decision makers claim their business would be willing to compromise on cybersecurity in favor of digital transformation, productivity, or other goals. Additionally, 82% have felt pressured to downplay the severity of cyber risks to their board.
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real terms’ during 2022 – leading to increased cyber vulnerability.