There’s no doubt that defense against data breaches is a priority among businesses and organizations of all sizes. Research for Cynet’s State of Breach Protection 2020 report found that most organizations — 73 percent — will see their security budgets increase in 2020.
The research, based on a poll of 1,536 cybersecurity professionals, reveals the majority of organizations will primarily focus on searching for and patching vulnerabilities in their systems and preventing zero-day malware execution. These were a priority for 63 percent and 54 percent of survey respondents, respectively. The next closest primary focus, detecting advanced threats already existent in the environment, came in at only 17 percent.
Security Solutions of Choice
This year, most organizations will focus on dealing with weaponized email attachments and links, ransomware, and banking trojans or other malware that collects passwords directly from browsers.
Roughly 70 percent use email protection and vulnerability management as well. Notably, no other breach protection technologies are used among the majority of survey respondents.
A majority of organizations, around 60 percent for each project, will focus their security budgets on three kinds of breach protection projects: SIEM/Next-Gen SIEM, network traffic analysis, and EDR/EPP.
The poll also revealed that 26 percent of organizations surveyed don’t have a breach protection project planned for this year. Among them, 72 percent say they have issues managing their current protection technologies and have no ability to add another one. Respondents report several obstacles preventing the desired level of protection:
- 78 percent say they have difficulty with the management, maintenance, and operational overhead of the security products they currently use.
- 61 percent say that the skill level of their security team is an issue.
- 53 percent have an issue with the size of their security team.
- 47 percent have an insufficient budget for what would be the necessary amount of security products for their environment.
- 31 percent see their organizations produce more alerts than their security teams have the capacity to handle.
It’s apparent that some of the challenges that organizations face stem from the lack of proper tools. Most organizations, 61 percent, have no centrally consolidated security alerts, with investigations taking place from individual product consoles. Only 11 percent have centralized management, with all network, user, and endpoint security alerts normalized and displayed on a single screen. Unfortunately, 77 percent of organizations see their security teams, due to their capacity limits, ignore anywhere from 20 to 60 percent of daily alerts.
Most organizations have low or mid-level automation in their incident response workflows. The 49 percent with low automation have remediation of each type carried out separately on the effective product, such as EDR to isolate infected endpoints, and 42 percent with medium automation have a single dashboard from which to manage remediation. Only 9 percent have a single dashboard that allows users to configure automated playbooks.
Who Handles Organizations’ Security?
About half of organizations have security deployment, maintenance, and response in-house, while they outsource alert monitoring and investigation. Roughly another quarter of respondents keep everything in-house, and only 9 percent outsource all of their breach protection.
Of all organizations, 73 percent would like to outsource their alert monitoring and prioritization, and 54 percent would also like to see managed security service providers investigate an attack’s cause, scope, and impact. Conversely, 31 percent would rather handle all of their incident response in-house.
Security Solutions Don’t Reflect Deployment Preferences
Cynet’s research also revealed that organizations prefer Software as a Service (SaaS) deployment models, while 34 percent prefer on-premises solutions. However, there is a wide gap between preference and the actual architecture of the surveyed organizations: 61 percent of those surveyed have a deployment model made up of 80 percent on-prem and 20 percent cloud.
This disparity, along with the challenges organizations face in implementing and managing the solutions they need, indicates that the market is primed for solutions. Are you ready to deliver?