August 30, 2019 By Mike Elgan 3 min read

Your organization has invested in dozens of cybersecurity tools. But you’re not sure if they’re working as expected.

For example, what percentage of successfully blocked attacks reported by your security information and event management (SIEM) tool are false reports, where the attack actually occurred but was reported as blocked? Zero percent? Fifty percent? How can you know for sure?

Next year’s security spend will likely increase. How should you proceed with additional investment when there’s so much uncertainty about the effectiveness of previous investments? On your next stand-and-deliver to C-level leadership, what do you tell them about the current status of your security infrastructure?

Welcome to the cybersecurity age of uncertainty.

The Good News: You’re Not Alone

This uncertainty is pandemic, and it’s largely the result of the fast-changing threat landscape. Cybercriminals are hatching new schemes for stealing data and causing havoc at an ever-accelerating pace. You and your peers are moving fast and trying not to break things, implementing solutions in an often fragmented way and in an often siloed workplace and siloed data environment.

In fact, more than half of enterprise security leaders don’t know if their security tools are working, according to a new report from the Ponemon Institute and AttackIQ. What’s more, only 39 percent of respondents believe they’re getting full value from their security investments.

Specifically, this lack of visibility into the effectiveness of security tools can be summarized by three things that security leaders should know, but often don’t:

  1. Whether attacks are being stopped or not;
  2. If the organization is getting full value from security infrastructure spending; and
  3. How to provide leaders with a clear picture of the organization’s current security status.

This lack of visibility isn’t evenly distributed across the organization’s infrastructure. The biggest problems are in bring-your-own-device (BYOD), cloud environments and internet of things (IoT) devices.

One problem is experience with false negatives. Some 63 percent of respondents to the Ponemon study said they’d witnessed a security control reporting a blocked attack, when in fact the attack was not blocked. That erodes trust and creates uncertainty, as well it should.

Another problem is the sheer number of solutions. Companies surveyed deploy an average of 47 different cybersecurity solutions, yet only 39 percent said they believe that they’re getting full value from their security purchases. So many separate products and services, so little confidence. Something’s got to change.

A new SANS Institute survey, sponsored by IBM Security, found that a lack of visibility and the complexity of managing data across on-premises and cloud infrastructure are both adding to the risk of cyberattacks. Nearly half (48 percent) of respondents said they lack visibility into organizational data due to a variety of factors, including:

  • Unmanaged devices;
  • Lack of information about where sensitive data is located;
  • Insufficient integration between cybersecurity tools and cloud infrastructure;
  • Poor understanding about threats that target cloud environments;
  • Security analytics tools that are ineffective without a deep understanding of the organization’s data usage — for example, what exactly constitutes “normal” user behavior versus unusual behavior; and
  • Of course, limited staff.

How to Gain Better Visibility Into Your Environment

There are clear steps you can take, even with limited staffing, to gain much better visibility into the effectiveness of the tools you’re using to combat cyberattacks.

  • Get help from artificial intelligence (AI). Instead of trying to use limited staff resources to figure out what’s out there, what constitutes normal behavior among users and, therefore, what constitutes suspicious activity, deploy an AI solution to do that for you.
  • Deploy a threat intelligence platform and get everybody plugged into it. This will accelerate the discovery of shady activity. Sharing (information about possible breaches or attack attempts) is caring.
  • Work to break down silos within the organization to speed up responses to security incidents. Evangelize and champion teamwork across departments for the benefit of all. The best way to tackle data silos is to consolidate security solutions into fewer platforms or one platform from a single vendor. Consolidate, communicate and share.
  • Focus on practices and solutions that will give you visibility into cloud and IoT environments. This is where the lion’s share of visibility problems reside.
  • Conduct penetration testing on a predetermined schedule to uncover any remaining security gaps.

Hope is not a strategy, and wishful thinking is not a plan for success. It’s time to turn that nagging feeling of uncertainty about the efficacy of your cybersecurity tools into an action plan for gaining the visibility you need.

More from Data Protection

How governance, risk and compliance (GRC) addresses growing data liability concerns

4 min read - In an era where businesses increasingly rely on artificial intelligence (AI) and advanced data capabilities, the effectiveness of IT services is more critical than ever. Yet despite the advancements in technology, business leaders are increasingly dissatisfied with their IT departments.According to a study by IBM's Institute for Business Value, confidence in the effectiveness of basic IT services among top executives has significantly declined. While AI promises transformational capabilities, particularly generative artificial intelligence (gen AI), the road to realizing these benefits…

Access control is going mobile — Is this the way forward?

2 min read - Last year, the highest volume of cyberattacks (30%) started in the same way: a cyber criminal using valid credentials to gain access. Even more concerning, the X-Force Threat Intelligence Index 2024 found that this method of attack increased by 71% from 2022. Researchers also discovered a 266% increase in infostealers to obtain credentials to use in an attack. Family members of privileged users are also sometimes victims.“These shifts suggest that threat actors have revalued credentials as a reliable and preferred…

Ransomware on the rise: Healthcare industry attack trends 2024

4 min read - According to the IBM Cost of a Data Breach Report 2024, the global average cost of a data breach reached $4.88 million this year, a 10% increase over 2023.For the healthcare industry, the report offers both good and bad news. The good news is that average data breach costs fell by 10.6% this year. The bad news is that for the 14th year in a row, healthcare tops the list with the most expensive breach recoveries, coming in at $9.77…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today