Over half of enterprise firms don’t have a clue if their cybersecurity solutions are working
Over half of enterprise companies investing in cybersecurity tools and solutions to protect their business interests have no idea how well they are performing, research suggests.
On Tuesday, AttackIQ and the Ponemon Institute released new research on the current state of cybersecurity strategies and investment in the enterprise realm.
The report, "The Cybersecurity Illusion: The Emperor Has No Clothes," includes responses from 577 IT and IT security practitioners working for US enterprise companies and suggests that while security budgets are increasing, awareness around cybersecurity as a whole is not.
On average, enterprise firms are spending $18.4 million every year on cybersecurity and 58 per cent are planning to increase this level of investment by up to 14 per cent over the 2019 - 2020 period.
However, those surveyed admitted that after deployment, cybersecurity solutions monitoring is thin on the ground and a total of 53 per cent have no idea how well the tools and software implemented in corporate networks are performing.
With 47 cybersecurity solution deployments reported as an average, it is no wonder that IT staff have a tough time tracking and monitoring each tool.
A lack of visibility can muddy the water when it comes to a return on investment (ROI) and, furthermore, can mask any existing security holes which remain unresolved despite the implementation of cybersecurity solutions.
Only 39 per cent of survey respondents said that their organizations are receiving full value from their investments, but this in itself could indicate that monitoring and performance metrics are an issue when it comes to ROI.
Cybersecurity and IT staff included in the research also reported an interesting issue with false reports and inadequate barriers to their networks. In total, 63 per cent said they have experienced a security control reporting a threat blocked when in reality, the tool failed to stop malicious behaviour.
"When processes and solutions like this fail, many companies respond by throwing more money at the problem," Larry Ponemon, founder and chairman of the Ponemon Institute commented. "Further security spending needs to be put on hold until enterprise IT and security leaders understand why their current investments are not able to detect and block all known adversary techniques, tactics, and procedures."
The fog surrounding cybersecurity in enterprise networks also appears to be contributing to failures in preventing data breaches. In total, 58 per cent of respondents said a lack of visibility is a reason data breaches still occur at their companies, and only 41 per cent of IT professionals believe their teams are effective in finding and plugging security holes in corporate infrastructure.
When it comes to penetration testing, less than 60 per cent of those surveyed said routine tests take place, and close to one-third have no set dates or schedules in place. In addition, less than half -- 48 per cent -- of respondents said that a security validation (CSV) platform is used to monitor the security of their networks.
"Companies are spending far too much money on cybersecurity solutions without knowing if they are effective," said Brett Galloway, AttackIQ CEO. "More than half of the experts surveyed admit they are in the dark about how well the technologies they have are working and if they're truly effective, which is alarming considering companies are relying on these technologies to protect sensitive information including customer data."
source zdnet
Industry: Cyber Security
Latest Jobs
-
- Security Analyst - Internal role. London commutable. Permanent
- London
- N/A
-
Security Analyst - Internal role. London commutable opportunity. Operational Security - Investigate, escalate and proactively work to ensure household name remains protected. Project Security - Coordinate, log change requests with project delivery teams to meet security requirements Policy / compliance - work with team to aid in uplifting these as and where needed This role is role to investigate, escalate and proactively work to protect a globally recognised brand. You must have current hands on operational analytical security experience with Microsoft technology stack Someone with a SOC Analyst / security engineering background would be well suited. This position will join a small team and would suit someone that has broad experience across the security threat landscape. Experience / knowledge across industry GRC standards such NIST, ISO27001 etc very advantageous and a priority. You will work across multiple teams proactively working to secure the business. Must be able to commute to Central London 3 days a week. Visa sponsorship not available Apply today to find out more.
-
- Network / Security Infrastructure Engineer | West London | Permanent
- London
- N/A
-
Network / Security Infrastructure Engineer | West London | Current Config, Install, upgrade experience On prem / Datacetner experience essential. Hands on experience MUST include: Routing, Switching, Network Security (firewall, IDS etc), Microsoft exchange / Exchange 365. Scripting / automation experience wanted. Python, Powershell etc Regular travel to West London is required. Visa sponsorship not available. Apply today for more information chris.holt@dclsearch.com Use this whatapp link to reach out https://wa.me/message/6USF5RAQBOZIP1
-
- SailPoint File Access Manager Consultant/ Architect
- N/A
- discussed on applications
-
SailPoint File Access Manager (SailPoint FAM) Consultant/ Architect is required for an up coming projects, Ideally looking for someone with experience in Designing and deploying SailPoint FAM , this is a new Deployment, you will work with customer in the initial workshop phase, to understand requirements and to get the initial design, you will then be responsible for deploying the solution. This is a home based role, with some onsite visits required during the length of the project. We are looking for someone who has previous experience in Deploying SailPoint FAM (ideally done design work) Need to have experience with SharePoint and ideally Azure and Share file
-
- DV Cleared CyberArk Consultant- Contract
- City of London
- Upto £700 per day
-
CyberArk Consultant is needed to be responsible for leading the deployment of CyberArk solutions for this Secure government site You will work with customer, helping to create CyberArk Strategic Roadmaps, on-boarding accounts, product and process integration into the CyberArk Solution and Proviso of Installation and technical Documentation. We are looking for this individual to have experience in: In CyberArk deployment, and ideally leady the deployment both strategically and also technically for this project we need the consultant to hold current DV cleared status For the right individual this could be a long term project.