As seen on Security Boulevard
A survey of 214 senior executives involved in cybersecurity decisions found more than half (53%) would replace their entire current stack of platforms if there were no budget constraints.
Conducted by Threater, a provider of a platform for blocking network threats, the survey also found that 65% of organizations currently have nine or fewer tools in their security stacks, with half reporting they added three or more technologies in the last year. A quarter said they have added six or more.
In addition, the survey found 60% of respondents noted they have altered their security decisions because of new rules being enforced by the Securities and Exchange Commission (SEC).
Well over two-thirds (68%) are also planning to add artificial intelligence (AI) tools to their existing stack in the coming year, the survey also finds.
Threater CTO Pat McGarry said the survey makes it clear that despite ongoing investments in cybersecurity, large numbers of senior executives are looking to overhaul their cybersecurity operations. The challenge they face is that acquiring new platforms requires levels of expertise to manage them that continue to be in short supply. Half of organizations that have more than 250 employees have 10 or fewer dedicated cybersecurity employees.
Most organizations are now between a rock and a hard place because they lack the budget required to modernize their cybersecurity stacks at a time when attacks continue to increase in volume and sophistication, noted McGarry. Given limited resources, most organizations would be better served by prioritizing their efforts based on the sensitivity of the data that needs to be secured, he added.
In theory, at least, organizations might be able to partially fund upgrades by replacing existing tools with platforms that promise to make it simpler to centralize the management of cybersecurity. However, there is usually a delay between when a new platform is installed and when the potential cost benefits of consolidation can be realized. Organizations will also need to have confidence that any platform they acquire will enable them to reduce the total number of tools they currently employ.
In the meantime, cybercriminals are similarly looking to modernize the tools they use to launch attacks. AI technologies can help them as much as they might help defenders, noted McGarry. In effect, organizations are now involved in an AI arms race with adversaries that typically have access to considerably more funding.
Each organization in 2024 will need to decide how to respond to the cybersecurity challenges that lie ahead, but the one thing that is certain is the tactics and techniques used by cybercriminals will continue to evolve. The challenge and the opportunity now is to determine the level of investment required to make the most efficient use of limited staffing, given how difficult it is to hire and retain cybersecurity expertise.
Regardless of approach, it’s clear that legacy approaches to managing cybersecurity are not as effective as initially hoped. As disappointing as that might be, the only thing worse is to continue to rely on existing tools and platforms that, at best, offer limited protection.