Cyber security spending continues to rise steadily, but many organisations are failing to upgrade essential tools to identify and respond to threats, a study from consultancy company Ovum has found.
The report, Business Has a Crucial Need for Continuous Threat Visibility and Cybersecurity Management Services, found that 31% of respondents relied solely on outdated cyber security tools, such as basic search and monitoring. This leaves organisations increasingly susceptible to cyber attacks as criminals discover new vulnerabilities and attack methods that older cyber security tools can’t identify.
The good news is that most organisations are regularly updating their cyber security tools. Respondents claimed that annual spending on cyber security tools had risen by between 9% and 12% in the past year, and 69% of respondents said they had switched to a more evolved, analytical approach to defence.
‘An exciting future’
Commenting on the report, Kirsten Bay, president and CEO of Cyber adAPT, which commissioned the study, said: “New generation technologies offer an exciting future for the cybersecurity industry. Many [chief information security officers (CISOs)] are struggling to persuade their boards to invest in new solutions, having failed to demonstrate the returns delivered by outdated tools – in fact, almost 60% of respondents thought they received poor value from their existing investments.
“A platform approach, bolstered by AI and machine learning is set to offer real returns for cybersecurity customers. Technology will no longer rely on human input to detect threats and will prioritize alerts to streamline the CISOs [sic] workload, reducing the amount of time a threat is active inside a network.”
Andrew Kellett, principal analyst at Ovum, added: “With an evolving threat landscape, CISOs are battling to equip organisations to improve security and data protection. The lack of available resources within internal teams creates a vulnerability that technology must address. Prioritizing risk must be the focus to ensure effective returns on cyber security investment and safeguard network infrastructures.”
Make your CISO’s job easier
The study’s findings support a recent Ponemon Institute survey that polled CISOs on their biggest security concerns. It found that 67% of respondents believed their organisation was more likely than ever to be hit by a cyber attack or data breach, with many blaming a lack of competent in-house staff and the inability to keep up with the sophistication of criminal hackers.
Both these studies indicate that organisations either aren’t investing enough in cyber security or are investing in the wrong areas. To avoid these mistakes and maintain a balanced and effective approach to cyber security, organisations should adopt ISO 27001, the international standard that describes best practice for an information security management system (ISMS).
An ISMS is a centrally managed framework for keeping information safe. It consists of a set of policies, procedures and controls, and can be applied either to the entire organisation or to a specific area or department.
Organisations that implement an ISMS can:
- Secure information in all its forms, including digital and paper-based data, intellectual property, company secrets, and data on devices and in the Cloud;
- Increase their resilience to cyber attacks;
- Respond to evolving security threats;
- Reduce the costs associated with information security; and
- Improve company culture.
Implementing an ISO 27001-compliant ISMS is a complex undertaking that will involve the whole organisation. As such, you’d benefit from advice before starting. We offer products and services to suit your needs, including books, toolkits, training courses and consultancy.