Businesses plan to invest more money in cybersecurity, but it remains unclear whether extra investments will prepare them to face advanced attacks targeting the supply chain and crossing hybrid infrastructure – two trends top of mind among security leaders, a new report states.
To learn more about security teams' most pressing obstacles and spending priorities, Splunk teamed up with Enterprise Strategy Group to survey 535 security leaders. Most (88%) leaders report security spending will increase at their organization; 35% say there will be a "significant" boost. The research, conducted a year after COVID-19 lockdowns began and two months after the SolarWinds supply chain attack disclosure, reveals the response to a rise in cybercrime.
More than half (53%) of respondents said attacks increased during the pandemic and 84% have experienced a significant security incident in the past two years. The most common type of attack is email compromise (42%), followed by data breach (39%), mobile malware (37%), DDoS attack (36%), phishing (33%), ransomware (31%), and regulatory compliance violation (28%).
More than 40% said the primary cost of security incidents was the IT time and personnel needed to remediate them. Other costs included lost productivity (36%), disruptions to applications and systems (35%), disruption to business processes (32%), breach of confidential data (28%), public breach disclosure (19%), and employees terminated or prosecuted (18%).
Security leaders' job is tougher than it was two years ago, 49% of respondents said. The top challenges they cited include a more complex threat landscape (48%), moving workloads to the cloud and difficulty monitoring the larger attack surface (32%), and workforce hiring (28%).
Cloud is an area of growth and trouble for IT security teams, the report shows. Three-quarters of cloud infrastructure users are now multi-cloud; in two years, 87% expect to use multiple cloud service providers. The percentage of respondents using more than three providers is expected to jump from 29% to 53% in the next two years; in the same timeframe, the number of cloud-native workloads is predicted to increase from 29% to 55%, researchers note in the report.
"For all its elasticity and speed, the pandemic-fueled rush to the cloud left security teams with an expanded scope and fewer security measures in place," says Yassir Abousselham, CISO of Splunk. As hybrid cloud adoption grows, he says, so will security challenges associated with it.
Researchers found that business email compromise attacks, for example, affected on-premises applications and infrastructure 44% of the time, compared to 36% for cloud resources. While the differences between on-premises and cloud-based infrastructure were marginal in most cases, Abousselham says this is a sign attacks are crossing hybrid infrastructure. Attackers who breach an on-premises entry point will try to move laterally, including into cloud applications and data.
Half of leaders surveyed struggle to maintain security consistency across data center and public cloud environments. Nearly 30% struggle with lack of visibility into public cloud infrastructure, and 42% said using multiple security controls increases the associated costs and complexity.
Investing for a Future of Advanced Attacks
The increase in security spend is especially relevant to areas such as cloud security, a priority for 41% of respondents, and cyber risk management (32%). Other high-priority areas include network security (27%), security operations (24%), security analytics (22%), endpoint security (21%), and data privacy (20%).
"With the events that took place this past year, we expect that cloud security spend will continue to be the top priority in 2021," says Abousselham. "Also top of mind in terms of investment will be risk management, identity and access management modernization, and security operations and analytics."
As organizations "sprinted to the cloud" during the pandemic, supply chains became even more intricately connected, expanding the attack surface. When news of SolarWinds broke, many businesses reassessed how they defend against potential supply chain attacks. Respondents claim they will conduct more security controls audits (35%), scan software updates more often (30%), increase penetration testing (27%), and increase multi-factor authentication (26%).
While it caused a number of organizations to rethink their security posture, SolarWinds did not have that effect on everyone: only 47% of CISOs have briefed their executive leadership or boards about the implications. Only 23% have reassessed or changed their policies for vendor risk management, and the same percentage have segmented their networks to limit system access.
"There is always more that businesses can be doing when it comes to cybersecurity," notes Abousselham. "SolarWinds served as a prime example of that." He adds that "we have seen much less material improvement plans" following the breach than they anticipated or hoped.
This investment in automation and analytics can help mitigate the challenge of small security teams, researchers state in the report, as the right automation can help employees handle most issues faster than manual processes so they can dedicate effort to more urgent alerts.
Still, Abousselham says that automation, machine learning, and other sophisticated tech can only do so much.
"Although advanced technologies enable organizations to do more with leaner teams, an expanding organization facing growing threats needs to invest in automation while bolstering advanced security talent," he explains. Businesses must be investing in their employees as much as they invest in automation and analytics; however, researchers found that only 19% of organizations will prioritize training security staff and only 15% will prioritize staffing this year.