The key challenge facing security leaders and putting their organizations at risk of breach is misplaced confidence that the abundance of technology investments they have made has strengthened their security posture, according to a study conducted by Forrester Consulting.
The study surveyed over 250 senior security decision-makers in North America and Europe. Participants included CISOs, CIOs, and IT and security VPs from organizations ranging from 3,000 to over 25,000 employees.
Currently, security leaders employ a variety of tools and technologies to identify risks and test the effectiveness of their security controls. As a result, security leaders are left with point-in-time assessments that require them to cobble together data from disparate systems to truly understand the organization’s security posture. This approach is reactive, labour-intensive, and insufficient in scale.
This has led to a disparity between appearance and reality, whereby security decision-makers are being given a false state of confidence. 86% are confident or very confident they have no gaps in their security controls deployed across devices, applications, people, and data.
However, the complexity of today’s IT infrastructures and the heterogeneity of enterprise security tools make it difficult for security pros to protect their environments. In fact, 97% experience challenges with their tools because they take a traditional reactive approach to fighting cybersecurity threats.
When asked about the biggest challenges they face with their security tools, the top responses include:
- Controlling coverage gaps across security functions (56%)
- Viewing a comprehensive list of assets across the organization (43%)
- Collecting, normalizing, aggregating, deduplicating, and correlating disparate data (39%)
- Tracking which assets and controls do not meet regulatory and compliance policies (39%)
- Determining the effectiveness of security controls (38%)
- Getting a real-time view of corporate risks (37%)
- Tracking performance of security controls over time (37%)
As the Forrester Consulting study cites: “Rightfully, companies are prioritizing their security and risk initiatives and investing in multiple technologies. Unfortunately, technology investments have provided a false sense of confidence in their security posture. Security leaders must understand that a proactive approach to cybersecurity requires the right tools, not more tools.”
As threat levels increase, 64% of companies are making it a high or critical priority to implement a risk framework aligning cybersecurity risk and enterprise risk. However, the study identifies that one in five do not have a centralized approach for risk management.
Nik Whitfield, CEO, Panaseer: “Traditional security tools are insufficient for proactive cybersecurity as they don’t provide a complete, real-time view of cybersecurity risk. Threats are becoming more advanced, attackers more savvy and regulation is tightening.
“This has created a clear market requirement for automated continuous controls monitoring, a new category of solution that provides real-time visibility of assets. The ability to make informed operational security decisions based on trusted security data and metrics will enable security leaders to have real and validated confidence that the company and customer data is protected.”