Your organization has invested in dozens of cybersecurity tools. But you’re not sure if they’re working as expected.

For example, what percentage of successfully blocked attacks reported by your security information and event management (SIEM) tool are false reports, where the attack actually occurred but was reported as blocked? Zero percent? Fifty percent? How can you know for sure?

Next year’s security spend will likely increase. How should you proceed with additional investment when there’s so much uncertainty about the effectiveness of previous investments? On your next stand-and-deliver to C-level leadership, what do you tell them about the current status of your security infrastructure?

Welcome to the cybersecurity age of uncertainty.

The Good News: You’re Not Alone

This uncertainty is pandemic, and it’s largely the result of the fast-changing threat landscape. Cybercriminals are hatching new schemes for stealing data and causing havoc at an ever-accelerating pace. You and your peers are moving fast and trying not to break things, implementing solutions in an often fragmented way and in an often siloed workplace and siloed data environment.

In fact, more than half of enterprise security leaders don’t know if their security tools are working, according to a new report from the Ponemon Institute and AttackIQ. What’s more, only 39 percent of respondents believe they’re getting full value from their security investments.

Specifically, this lack of visibility into the effectiveness of security tools can be summarized by three things that security leaders should know, but often don’t:

  1. Whether attacks are being stopped or not;
  2. If the organization is getting full value from security infrastructure spending; and
  3. How to provide leaders with a clear picture of the organization’s current security status.

This lack of visibility isn’t evenly distributed across the organization’s infrastructure. The biggest problems are in bring-your-own-device (BYOD), cloud environments and internet of things (IoT) devices.

One problem is experience with false negatives. Some 63 percent of respondents to the Ponemon study said they’d witnessed a security control reporting a blocked attack, when in fact the attack was not blocked. That erodes trust and creates uncertainty, as well it should.

Another problem is the sheer number of solutions. Companies surveyed deploy an average of 47 different cybersecurity solutions, yet only 39 percent said they believe that they’re getting full value from their security purchases. So many separate products and services, so little confidence. Something’s got to change.

A new SANS Institute survey, sponsored by IBM Security, found that a lack of visibility and the complexity of managing data across on-premises and cloud infrastructure are both adding to the risk of cyberattacks. Nearly half (48 percent) of respondents said they lack visibility into organizational data due to a variety of factors, including:

  • Unmanaged devices;
  • Lack of information about where sensitive data is located;
  • Insufficient integration between cybersecurity tools and cloud infrastructure;
  • Poor understanding about threats that target cloud environments;
  • Security analytics tools that are ineffective without a deep understanding of the organization’s data usage — for example, what exactly constitutes “normal” user behavior versus unusual behavior; and
  • Of course, limited staff.

How to Gain Better Visibility Into Your Environment

There are clear steps you can take, even with limited staffing, to gain much better visibility into the effectiveness of the tools you’re using to combat cyberattacks.

  • Get help from artificial intelligence (AI). Instead of trying to use limited staff resources to figure out what’s out there, what constitutes normal behavior among users and, therefore, what constitutes suspicious activity, deploy an AI solution to do that for you.
  • Deploy a threat intelligence platform and get everybody plugged into it. This will accelerate the discovery of shady activity. Sharing (information about possible breaches or attack attempts) is caring.
  • Work to break down silos within the organization to speed up responses to security incidents. Evangelize and champion teamwork across departments for the benefit of all. The best way to tackle data silos is to consolidate security solutions into fewer platforms or one platform from a single vendor. Consolidate, communicate and share.
  • Focus on practices and solutions that will give you visibility into cloud and IoT environments. This is where the lion’s share of visibility problems reside.
  • Conduct penetration testing on a predetermined schedule to uncover any remaining security gaps.

Hope is not a strategy, and wishful thinking is not a plan for success. It’s time to turn that nagging feeling of uncertainty about the efficacy of your cybersecurity tools into an action plan for gaining the visibility you need.

More from Data Protection

Cybersecurity 101: What is Attack Surface Management?

There were over 4,100 publicly disclosed data breaches in 2022, exposing about 22 billion records. Criminals can use stolen data for identity theft, financial fraud or to launch ransomware attacks. While these threats loom large on the horizon, attack surface management (ASM) seeks to combat them. ASM is a cybersecurity approach that continuously monitors an organization’s IT infrastructure to identify and remediate potential points of attack. Here’s how it can give your organization an edge. Understanding Attack Surface Management Here…

Six Ways to Secure Your Organization on a Smaller Budget

My LinkedIn feed has been filled with connections announcing they have been laid off and are looking for work. While it seems that no industry has been spared from uncertainty, my feed suggests tech has been hit the hardest. Headlines confirm my anecdotal experience. Many companies must now protect their systems from more sophisticated threats with fewer resources — both human and technical. Cobalt’s 2022 The State of Pentesting Report found that 90% of short-staffed teams are struggling to monitor…

The Importance of Modern-Day Data Security Platforms

Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate, and operationalize but to do that, they must ensure that they leverage their data first because of how important and valuable it is to their organization. No matter the industry, the need to protect sensitive and personal data should be…

Meeting Today’s Complex Data Privacy Challenges

Pop quiz: Who is responsible for compliance and data privacy in an organization? Is it a) the security department, b) the IT department, c) the legal department, d) the compliance group or e) all of the above? If you answered "all of the above," you are well-versed in the complex world of compliance and data privacy! While compliance is a complex topic, the patchwork of regulations imposed by countries, regions, states and industries further compounds it. This complexity has turned…