The pace of technological change over the last 10 years has been high.
Security products have become more automated, utilising the latest technology, such as artificial intelligence (AI), in an effort to get ahead of the criminals attacking IT infrastructure. Yet, despite all this, and the claims from the security industry that their innovations will put cyber criminals out to pasture, we are still seeing ransomware and other cyber attacks in news headlines on a daily basis. This wave of progress is yet to extinguish cyber threats, in fact it has barely made a splash – Verizon’s Data Breach Incident Report 2022 confirms this, showing cyber threats are on the rise in EMEA.
Clearly the system is broken, but the question is what? The simple answer is businesses are being overwhelmed by a cyber world that is increasingly complex. As technology has become increasingly prevalent across the entire business, it is vital executives find a solution to this growing problem or continue to face severe disruptions.
The current status quo
Despite businesses facing some of the highest inflation rates in decades, and the UK predicted to enter a recession, experts have stated cybersecurity spending will either rise or hold steady in 2022, with cumulative spending potentially reaching $1.75 trillion by 2025. Alongside this, in just five years, cybersecurity has moved up the agenda for board directors. With 88 percent viewing it as a business risk, compared to just 58 percent originally. Companies are aware they need to improve their cybersecurity posture if they are to defend themselves from growing threats, and the potential fall out if they are successfully breached by a cyber criminal.
The number one issue for many security teams remains ransomware, which has increasingly been responsible for the most high-profile incidents. It is also not slowing down, with cyber security researchers in Q1 of this year observing a 21 percent increase in ransomware attacks compared to Q1 2021. However, this is not the only vector teams need to be concerned about – malware, phishing scams, password breaches, the list of dangers businesses face is growing longer by the day.
On top of this, cyber criminals have become increasingly agile, being able to change tactics, techniques and procedures instantly. Making it incredibly difficult for organisations to stay ahead of malicious actors and keep both their and their customers’ data safe.
Trying to find the needle in the haystack
As demand for cybersecurity has increased vendors have increasingly turned to more complex technology to try and differentiate themselves from the crowd. Unfortunately, this has created a situation where, when simplicity and clear instructions are needed, teams are instead faced with a deluge of notifications and alerts.
As the impact on businesses from cyber attacks has increased, companies have become more susceptible to sales teams promising the latest solution, which in the end creates more obscurity in their security than clarity. With so much noise in the marketplace it has created a situation where teams are trying to find the malicious needle in the haystack.
While using the latest technology is not a bad approach, the rate it has been developed and pushed out to the market has left business leaders trailing in its wake. Meaning many don’t integrate it properly with the rest of their stack or deploy it incorrectly. Making the security system less effective as different software fails to communicate.
Filtering out the noise
Many industries like to create a veil of jargon which keeps outsiders in the dark. However, this should not be the case in cybersecurity. When time is of the essence, spending valuable minutes googling what a certain phrase means can slow an entire response down. In a practical sense, this means doing something companies are likely scared to do and reducing the amount of cybersecurity tools within their stack and focusing on training support and tailored outsourced expertise. This allows firms to ensure staff know how to effectively use the tools they have and create a halo effect on an organisation’s ability to respond to cyber threats.
Simplifying the terminology and the tools available will allow all employees to have a better understanding of cybersecurity. Creating an environment of successful collaboration that ensures problems get fixed and mistakes don’t happen again, if a breach does occur.
Creating a robust cybersecurity programme relies on everyone in the business becoming involved. It also can’t just be focused on the headline threats of the day but take into account the whole roster of threats that exist in the world. From the tools, to the people and processes, everyone needs to understand their role in improving cybersecurity for the company. By keeping it simple companies protect themselves from the fast-paced threats that exist today.
About the Author
Ian McShane is VP of Strategy at Arctic Wolf. The cybersecurity industry has an effectiveness problem. Every year new technologies, vendors, and solutions emerge, and yet despite this constant innovation we continue to see high profile breaches in the headlines. All organizations know they need better security, but the dizzying array of options leave resource-constrained IT and security leaders wondering how to proceed. At Arctic Wolf, our mission is to End Cyber Risk through effective security operations
Featured image: ©Forestgraphic
