Companies plan to invest more in cybersecurity, but it is unclear whether the additional investment will prepare them for advanced attacks on the supply chain and across hybrid infrastructure, the two trends that security leaders name as their top concerns.
To learn more about security teams’ most pressing obstacles and spending priorities, Splunk worked with Enterprise Strategy Group to survey 535 security leaders. The majority (88%) of leaders report that their organization’s security spending will increase; 35% said the increase will be “significant.” The study was conducted one year after the COVID-19 lockdown began and two months after the SolarWinds supply chain attack was disclosed, so it shows how organizations are responding to the rise in cybercrime.
More than half (53%) of the respondents stated that there has been an increase in attacks during the pandemic, and 84% of the respondents have experienced major security incidents in the past two years. The most common type of attack is email leakage (42%), followed by data leakage (39%), mobile malware (37%), DDoS attacks (36%), phishing (33%), ransomware (31%) and violations of regulatory compliance (28%).
More than 40% said that the main cost of a security incident is the IT time and personnel required for remediation. Other costs include lost productivity (36%), application and system interruption (35%), business process interruption (32%), breach of confidential data (28%), public violation disclosure (19%), and employee dismissal or prosecution (18%).
49% of respondents said that the job of a security leader is more difficult than it was two years ago. The main challenges they cited include a more complex threat landscape (48%), moving workloads to the cloud and the difficulty of monitoring a larger attack surface (32%), and personnel recruitment (28%).
The report shows that for IT security teams, cloud is a growing and troublesome area. Today, three-quarters of cloud infrastructure users use multi-cloud. Within two years, 87% want to use multiple cloud service providers. It is expected that in the next two years, the proportion of respondents using more than three providers will jump from 29% to 53%; the researchers pointed out in the report that in the same time frame, the number of cloud-native workloads is expected to rise from 29% to 55%.
Splunk’s CISO Yassir Abousselham said: “Despite its resilience and speed, the impulse to the cloud caused by the pandemic has expanded the scope of the security team while reducing security measures.” He said that as hybrid cloud adoption grows, the security challenges associated with it will also increase.
Researchers found that, for example, corporate email intrusion attacks affect local applications and infrastructure 44% of the time, while the attack rate for cloud resources is 36%. Although in most cases the difference between on-premises and cloud-based infrastructure is small, he said that this shows that attacks are crossing hybrid infrastructure. Attackers who breach an on-premises entry point will attempt to move laterally, including into cloud applications and data.
Half of the leaders surveyed struggle to maintain security consistency between the data center and the public cloud environment. Nearly 30% are struggling due to a lack of visibility into the public cloud infrastructure, while 42% said that using multiple security controls increases the associated costs and complexity.
Investing against the advanced attacks of the future
The increase in security spending is directed in particular at areas such as cloud security (a priority for 41% of respondents) and cyber risk management (32%). Other high-priority areas include cyber security (27%), security operations (24%), security analysis (22%), endpoint security (21%) and data privacy (20%).
“With the events of last year, we expect cloud security spending to continue to be the top priority in 2021,” Abousselham said. “In terms of investment, the most important thing is risk management, modernization of identity and access management, and security operations and analysis.”
When organizations “rushed to the cloud” during the pandemic, the supply chain became more intricate and the attack surface expanded. When the news of SolarWinds came out, many companies reassessed how they defended against potential supply chain attacks. Respondents claimed that they will conduct more security control reviews (35%), scan for software updates more frequently (30%), increase penetration testing (27%), and increase multi-factor authentication (26%).
Although it caused many organizations to reconsider their security posture, SolarWinds did not have this impact on everyone: only 47% of CISOs briefed their executive leadership or the board on its impact. Only 23% have reassessed or changed their supplier risk management strategy, and the same percentage have segmented their network to restrict system access.
Abousselham pointed out: “In terms of cyber security, there are always many things that companies can do. SolarWinds is a good example.” He added that after the violation, “we see much less substantial improvement plans.” Exceeded their expectations or hopes.
The researchers pointed out in the report that this investment in automation and analysis can help alleviate the challenges of small security teams, because the right automation can help employees deal with most problems faster than manual processes, so they can devote their energy to the more urgent alerts.
Nevertheless, Abousselham said that automation, machine learning and other cutting-edge technologies can only do so much.
He explained: “Although advanced technology enables organizations to do more with streamlined teams, growing organizations facing growing threats need to invest in automation while also enhancing senior security talent.” Companies must invest as much in their employees as they do in automation and analytics. However, the researchers found that only 19% of organizations this year prioritize training security personnel, and only 15% of organizations prioritize staffing.
Kelly Sheridan is a contributing editor of Dark Reading, focusing on cybersecurity news and analysis. She is a business technology news reporter who previously reported for InformationWeek, where she covered Microsoft, and for Insurance & Technology, where she covered finance and economics.