ReliaQuest, in partnership with the Information Security Media Group (ISMG), has released a survey of more than 200 cybersecurity professionals in Europe titled “2021 EMEA cybersecurity complexity study: How can you streamline your time to response?”
The good news is: asked how they rate their organisation’s ability to respond quickly and effectively to today’s cybersecurity threats, 87% of survey respondents say they are average or above. But they do admit that too many devices—managed and unmanaged, an increasing number of disparate security tools and cloud transformation are increasing the complexity of their environments.
Key Themes: Visibility and Automation
With cloud transformation and the influx of new devices, the IT environment is more dynamic than before. What used to be a defined enterprise perimeter is dissolving fast. To protect critical assets in this new paradigm, teams are investing in new technologies; adding to the already accumulated set of disparate technologies and potentially expanding the visibility gap. The worldwide talent shortage is not helping either, but the survey responses suggest that security leaders in Europe might be looking at automation and outsourced services.
In this blog, we’ll discuss some of the results of the survey, including security priorities among European leaders, cybersecurity complexity as a whole, and how companies are using their existing tool landscape.
Security Priorities among European Cybersecurity Leaders
Perhaps unsurprisingly, priorities varied widely among our survey respondents. The most common top priority across all respondents was “Meet industry regulations and compliance (GDPR, etc.)” at 25%. However, this didn’t hold true when broken down by geographical area: Eastern Europe’s top priority is to “consolidate tools in an effort to be more effective” (36%), and UK respondents cited “Migrate to the cloud securely” as their key effort.
While most respondents were confident and comfortable with their detection, investigation, and response capabilities, they do feel there is room for improvement. Automation (71%) and visibility (67%) led the way followed by additional staff (46%). This is not surprising given that the more disparate tools you have, the more blind spots you create. And the only way to overcome this is to integrate these tools so you have one cogent view into your security infrastructure—whether it is on-premises or in the cloud. Next, security leaders, while emphasizing the need for human analysts, understand the validity and potential of automation.
Cybersecurity Complexity in Europe
Respondents, overall, acknowledged rising complexity as a challenge to cybersecurity operations.
Chief among the contributors to that complexity was the influx of tools and their inability to integrate easily (47%). Traditionally security tools have been notorious for not playing well with each other creating silos across the organisation. As organisations add more tools to cover gaps, this problem widens and actually becomes a detriment to effective threat detection and investigation.
The influx of new devices (43%) and cloud transformation (33%) have also spurred more complexity in the enterprise. In a way, this is related to the “tool sprawl” problem, since, as more business enablement technologies are embraced, they open up the attack surface that security teams rush to control and close gaps.
The bane of cybersecurity operations continues to be talent shortage. Organisations are finding it difficult to not only recruit people to manage day-to-day operations, but also to keep up with the sophistication of emerging security tools. In fact, respondents said that their scarce staff are spending too much time on data collection to identify threats or manage and optimise security tools. As a result, more security leaders are turning towards automation (45%). The survey also suggests an increased interest in managed services to augment and force multiply existing teams.
The survey shows that many enterprises are handling their cybersecurity operations in-house (41%). But the majority (52%) report that capability is split between in-house and the use of external managed services and/or outsourcing. But when asked about their security operations centre (SOC), 27% claimed that they use a third-party SOC while 48% claim they run their own SOC. So it is clear that there is a penchant to own the SOC and manage things in-house, but leaders are not blind to the challenges such as resource shortages. 45% are investing in automation to help alleviate the burden on analysts, while 25% said they expect to engage with managed service providers in the upcoming year.
Security Spend in Europe
Given the prevalence of visibility and automation in these findings, it is unsurprising that respondents’ top 2022 objectives were “Improved visibility — integrate and bring singular view across tools” (28%) and “Automation — automate low-level tasks so analysts are relieved of tedium” (19%).
To achieve these goals, most organisations are dedicating more spend to their security programs. Nearly 75% are boosting their budgets by at least 1 to 5%, and just 3% are expecting a decrease.
Where are those funds going? Some of it is going to technology and service investments. 41% of respondents listed cloud security tools as a priority, followed by threat intelligence (36%) and security orchestration and automated response (SOAR) (33%). Organisations are also planning on bringing in more help: 38% plan to turn to managed services to help them scale or improve their security operations.
Cybersecurity professionals worldwide are facing similar problems. Combatting bad actors requires agility and out-of-the-box thinking, and European organisations are turning to a combination of tools and services to help them achieve successful outcomes.
However, with more tools comes more complexity. Visibility gaps are one of the worst instigators of vulnerabilities, and most companies suffer from at least some level of visibility gap.
Most companies are hopeful, though, that automation can help them keep up. By automating menial tasks, they can ensure that their staff is energised and ready to respond to incidents quickly and thoroughly.