Businesses Boost Security Budgets. Where Will the Money Go?

Most organizations plan to spend more on security, leaders say in a report that explores their toughest challenges, post-breach costs, and spending priorities.

Businesses plan to invest more money in cybersecurity, but it remains unclear whether extra investments will prepare them to face advanced attacks targeting the supply chain and crossing hybrid infrastructure – two trends top of mind among security leaders, a new report states.

To learn more about security teams' most pressing obstacles and spending priorities, Splunk teamed up with Enterprise Strategy Group to survey 535 security leaders. Most (88%) leaders report security spending will increase at their organization; 35% say there will be a "significant" boost. The research, conducted a year after COVID-19 lockdowns began and two months after the SolarWinds supply chain attack disclosure, reveals the response to a rise in cybercrime.

More than half (53%) of respondents said attacks increased during the pandemic and 84% have experienced a significant security incident in the past two years. The most common type of attack is email compromise (42%), followed by data breach (39%), mobile malware (37%), DDoS attack (36%), phishing (33%), ransomware (31%), and regulatory compliance violation (28%).

More than 40% said the primary cost of security incidents was the IT time and personnel needed to remediate them. Other costs included lost productivity (36%), disruptions to applications and systems (35%), disruption to business processes (32%), breach of confidential data (28%), public breach disclosure (19%), and employees terminated or prosecuted (18%).

Security leaders' job is tougher than it was two years ago, 49% of respondents said. The top challenges they cited include a more complex threat landscape (48%), moving workloads to the cloud and difficulty monitoring the larger attack surface (32%), and workforce hiring (28%).

Cloud is an area of growth and trouble for IT security teams, the report shows. Three-quarters of cloud infrastructure users are now multi-cloud; in two years, 87% expect to use multiple cloud service providers. The percentage of respondents using more than three providers is expected to jump from 29% to 53% in the next two years; in the same timeframe, the number of cloud-native workloads is predicted to increase from 29% to 55%, researchers note in the report.

"For all its elasticity and speed, the pandemic-fueled rush to the cloud left security teams with an expanded scope and fewer security measures in place," says Yassir Abousselham, CISO of Splunk. As hybrid cloud adoption grows, he says, so will security challenges associated with it.

Researchers found that business email compromise attacks, for example, affected on-premises applications and infrastructure 44% of the time, compared to 36% for cloud resources. While in most cases, the differences between on-premises and cloud-based infrastructure were marginal, he says this is a sign attacks are crossing hybrid infrastructure. Attackers who breach an on-premises entry point will try to move laterally, including into cloud applications and data.

Half of leaders surveyed struggle to maintain security consistency across data center and public cloud environments. Nearly 30% struggle with lack of visibility into public cloud infrastructure, and 42% said using multiple security controls increases the associated costs and complexity.

Investing for a Future of Advanced Attacks

The increase in security spend is especially relevant to areas such as cloud security, a priority for 41% of respondents, and cyber risk management (32%). Other high-priority areas include network security (27%), security operations (24%), security analytics (22%), endpoint security (21%), and data privacy (20%).

"With the events that took place this past year, we expect that cloud security spend will continue to be the top priority in 2021," says Abousselham. "Also top of mind in terms of investment will be risk management, identity and access management modernization, and security operations and analytics."

As organizations "sprinted to the cloud" during the pandemic, supply chains became even more intricately connected, expanding the attack surface. When news of SolarWinds broke, many businesses reassessed how they defend against potential supply chain attacks. Respondents claim they will conduct more security controls audits (35%), scan software updates more often (30%), increase penetration testing (27%), and increase multi-factor authentication (26%).

While it caused a number of organizations to rethink their security posture, SolarWinds did not have that effect on everyone: only 47% of CISOs have briefed their executive leadership or boards about the implications. Only 23% have reassessed or changed their policies for vendor risk management, and the same percentage have segmented their networks to limit system access.

"There is always more that businesses can be doing when it comes to cybersecurity," notes Abousselham. "SolarWinds served as a prime example of that." He adds that "we have seen much less material improvement plans" following the breach than they anticipated or hoped.

Investment in automation and analytics can help mitigate the challenge of small security teams, researchers state in the report: the right automation lets employees handle most issues faster than manual processes, so they can dedicate effort to more urgent alerts.

Still, Abousselham says that automation, machine learning, and other sophisticated tech can only do so much.

"Although advanced technologies enable organizations to do more with leaner teams, an expanding organization facing growing threats needs to invest in automation while bolstering advanced security talent," he explains. Businesses must be investing in their employees as much as they invest in automation and analytics; however, researchers found that only 19% of organizations will prioritize training security staff and only 15% will prioritize staffing this year.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...
