August 30, 2019 By Mike Elgan 3 min read

Your organization has invested in dozens of cybersecurity tools. But you’re not sure if they’re working as expected.

For example, what percentage of successfully blocked attacks reported by your security information and event management (SIEM) tool are false reports, where the attack actually occurred but was reported as blocked? Zero percent? Fifty percent? How can you know for sure?

Next year’s security spend will likely increase. How should you proceed with additional investment when there’s so much uncertainty about the effectiveness of previous investments? On your next stand-and-deliver to C-level leadership, what do you tell them about the current status of your security infrastructure?

Welcome to the cybersecurity age of uncertainty.

The Good News: You’re Not Alone

This uncertainty is pandemic, and it’s largely the result of the fast-changing threat landscape. Cybercriminals are hatching new schemes for stealing data and causing havoc at an ever-accelerating pace. You and your peers are moving fast and trying not to break things, implementing solutions in an often fragmented way and in an often siloed workplace and siloed data environment.

In fact, more than half of enterprise security leaders don’t know if their security tools are working, according to a new report from the Ponemon Institute and AttackIQ. What’s more, only 39 percent of respondents believe they’re getting full value from their security investments.

Specifically, this lack of visibility into the effectiveness of security tools can be summarized by three things that security leaders should know, but often don’t:

  1. Whether attacks are being stopped or not;
  2. If the organization is getting full value from security infrastructure spending; and
  3. How to provide leaders with a clear picture of the organization’s current security status.

This lack of visibility isn’t evenly distributed across the organization’s infrastructure. The biggest problems are in bring-your-own-device (BYOD), cloud environments and internet of things (IoT) devices.

One problem is experience with false negatives. Some 63 percent of respondents to the Ponemon study said they’d witnessed a security control reporting a blocked attack, when in fact the attack was not blocked. That erodes trust and creates uncertainty, as well it should.

Another problem is the sheer number of solutions. Companies surveyed deploy an average of 47 different cybersecurity solutions, yet only 39 percent said they believe that they’re getting full value from their security purchases. So many separate products and services, so little confidence. Something’s got to change.

A new SANS Institute survey, sponsored by IBM Security, found that a lack of visibility and the complexity of managing data across on-premises and cloud infrastructure are both adding to the risk of cyberattacks. Nearly half (48 percent) of respondents said they lack visibility into organizational data due to a variety of factors, including:

  • Unmanaged devices;
  • Lack of information about where sensitive data is located;
  • Insufficient integration between cybersecurity tools and cloud infrastructure;
  • Poor understanding about threats that target cloud environments;
  • Security analytics tools that are ineffective without a deep understanding of the organization’s data usage — for example, what exactly constitutes “normal” user behavior versus unusual behavior; and
  • Of course, limited staff.

How to Gain Better Visibility Into Your Environment

There are clear steps you can take, even with limited staffing, to gain much better visibility into the effectiveness of the tools you’re using to combat cyberattacks.

  • Get help from artificial intelligence (AI). Instead of trying to use limited staff resources to figure out what’s out there, what constitutes normal behavior among users and, therefore, what constitutes suspicious activity, deploy an AI solution to do that for you.
  • Deploy a threat intelligence platform and get everybody plugged into it. This will accelerate the discovery of shady activity. Sharing (information about possible breaches or attack attempts) is caring.
  • Work to break down silos within the organization to speed up responses to security incidents. Evangelize and champion teamwork across departments for the benefit of all. The best way to tackle data silos is to consolidate security solutions into fewer platforms or one platform from a single vendor. Consolidate, communicate and share.
  • Focus on practices and solutions that will give you visibility into cloud and IoT environments. This is where the lion’s share of visibility problems reside.
  • Conduct penetration testing on a predetermined schedule to uncover any remaining security gaps.

Hope is not a strategy, and wishful thinking is not a plan for success. It’s time to turn that nagging feeling of uncertainty about the efficacy of your cybersecurity tools into an action plan for gaining the visibility you need.

More from Data Protection

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

Third-party access: The overlooked risk to your data protection plan

3 min read - A recent IBM Cost of a Data Breach report reveals a startling statistic: Only 42% of companies discover breaches through their own security teams. This highlights a significant blind spot, especially when it comes to external partners and vendors. The financial stakes are steep. On average, a data breach affecting multiple environments costs a whopping $4.88 million. A major breach at a telecommunications provider in January 2023 served as a stark reminder of the risks associated with third-party relationships. In…

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today