Businesses Boost Security Budgets. Where Will the Money Go?

Most organizations plan to spend more on security, leaders say in a report that explores their toughest challenges, post-breach costs, and spending priorities.

Businesses plan to invest more money in cybersecurity, but it remains unclear whether extra investments will prepare them to face advanced attacks targeting the supply chain and crossing hybrid infrastructure – two trends top of mind among security leaders, a new report states.

To learn more about security teams' most pressing obstacles and spending priorities, Splunk teamed up with Enterprise Strategy Group to survey 535 security leaders. Most (88%) leaders report security spending will increase at their organization; 35% say there will be a "significant" boost. The research, conducted a year after COVID-19 lockdowns began and two months after the SolarWinds supply chain attack disclosure, reveals the response to a rise in cybercrime.

More than half (53%) of respondents said attacks increased during the pandemic and 84% have experienced a significant security incident in the past two years. The most common type of attack is email compromise (42%), followed by data breach (39%), mobile malware (37%), DDoS attack (36%), phishing (33%), ransomware (31%), and regulatory compliance violation (28%).

More than 40% said the primary cost of security incidents was the IT time and personnel needed to remediate them. Other costs included lost productivity (36%), disruptions to applications and systems (35%), disruption to business processes (32%), breach of confidential data (28%), public breach disclosure (19%), and employees terminated or prosecuted (18%).

Security leaders' job is tougher than it was two years ago, 49% of respondents said. The top challenges they cited include a more complex threat landscape (48%), moving workloads to the cloud and difficulty monitoring the larger attack surface (32%), and workforce hiring (28%).

Cloud is an area of growth and trouble for IT security teams, the report shows. Three-quarters of cloud infrastructure users are now multi-cloud; in two years, 87% expect to use multiple cloud service providers. The percentage of respondents using more than three providers is expected to jump from 29% to 53% in the next two years; in the same timeframe, the number of cloud-native workloads is predicted to increase from 29% to 55%, researchers note in the report.

"For all its elasticity and speed, the pandemic-fueled rush to the cloud left security teams with an expanded scope and fewer security measures in place," says Yassir Abousselham, CISO of Splunk. As hybrid cloud adoption grows, he says, so will security challenges associated with it.

Researchers found that business email compromise attacks, for example, affected on-premises applications and infrastructure 44% of the time, compared to 36% for cloud resources. While the differences between on-premises and cloud-based infrastructure were marginal in most cases, he says this is a sign that attacks are crossing hybrid infrastructure. Attackers who breach an on-premises entry point will try to move laterally, including into cloud applications and data.

Half of leaders surveyed struggle to maintain security consistency across data center and public cloud environments. Nearly 30% struggle with lack of visibility into public cloud infrastructure, and 42% said using multiple security controls increases the associated costs and complexity.

Investing for a Future of Advanced Attacks

The increase in security spend is especially relevant to areas such as cloud security, a priority for 41% of respondents, and cyber risk management (32%). Other high-priority areas include network security (27%), security operations (24%), security analytics (22%), endpoint security (21%), and data privacy (20%).

"With the events that took place this past year, we expect that cloud security spend will continue to be the top priority in 2021," says Abousselham. "Also top of mind in terms of investment will be risk management, identity and access management modernization, and security operations and analytics."

As organizations "sprinted to the cloud" during the pandemic, supply chains became even more intricately connected, expanding the attack surface. When news of SolarWinds broke, many businesses reassessed how they defend against potential supply chain attacks. Respondents claim they will conduct more security controls audits (35%), scan software updates more often (30%), increase penetration testing (27%), and increase multi-factor authentication (26%).

While it caused a number of organizations to rethink their security posture, SolarWinds did not have that effect on everyone: only 47% of CISOs have briefed their executive leadership or boards about the implications. Only 23% have reassessed or changed their policies for vendor risk management, and the same share have segmented their networks to limit system access.

"There is always more that businesses can be doing when it comes to cybersecurity," notes Abousselham. "SolarWinds served as a prime example of that." He adds that "we have seen much less material improvement plans" following the breach than they anticipated or hoped.

This investment in automation and analytics can help mitigate the challenge of small security teams, researchers state in the report, as the right automation can help employees handle most issues faster than manual processes so they can dedicate effort to more urgent alerts.

Still, Abousselham says that automation, machine learning, and other sophisticated tech can only do so much.

"Although advanced technologies enable organizations to do more with leaner teams, an expanding organization facing growing threats needs to invest in automation while bolstering advanced security talent," he explains. Businesses must be investing in their employees as much as they invest in automation and analytics; however, researchers found that only 19% of organizations will prioritize training security staff and only 15% will prioritize staffing this year.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...
