5/25/2021
08:05 AM

Businesses Boost Security Budgets. Where Will the Money Go?

Most organizations plan to spend more on security, leaders say in a report that explores their toughest challenges, post-breach costs, and spending priorities.

Businesses plan to invest more money in cybersecurity, but it remains unclear whether extra investments will prepare them to face advanced attacks targeting the supply chain and crossing hybrid infrastructure – two trends top of mind among security leaders, a new report states.

To learn more about security teams' most pressing obstacles and spending priorities, Splunk teamed up with Enterprise Strategy Group to survey 535 security leaders. Most (88%) leaders report security spending will increase at their organization; 35% say there will be a "significant" boost. The research, conducted a year after COVID-19 lockdowns began and two months after the SolarWinds supply chain attack disclosure, reveals the response to a rise in cybercrime.


More than half (53%) of respondents said attacks increased during the pandemic and 84% have experienced a significant security incident in the past two years. The most common type of attack is email compromise (42%), followed by data breach (39%), mobile malware (37%), DDoS attack (36%), phishing (33%), ransomware (31%), and regulatory compliance violation (28%).

More than 40% said the primary cost of security incidents was the IT time and personnel needed to remediate them. Other costs included lost productivity (36%), disruptions to applications and systems (35%), disruption to business processes (32%), breach of confidential data (28%), public breach disclosure (19%), and employees terminated or prosecuted (18%).

Security leaders' job is tougher than it was two years ago, 49% of respondents said. The top challenges they cited include a more complex threat landscape (48%), moving workloads to the cloud and difficulty monitoring the larger attack surface (32%), and workforce hiring (28%).

Cloud is an area of growth and trouble for IT security teams, the report shows. Three-quarters of cloud infrastructure users are now multi-cloud; in two years, 87% expect to use multiple cloud service providers. The percentage of respondents using more than three providers is expected to jump from 29% to 53% in the next two years; in the same timeframe, the number of cloud-native workloads is predicted to increase from 29% to 55%, researchers note in the report.

"For all its elasticity and speed, the pandemic-fueled rush to the cloud left security teams with an expanded scope and fewer security measures in place," says Yassir Abousselham, CISO of Splunk. As hybrid cloud adoption grows, he says, so will security challenges associated with it.

Researchers found that business email compromise attacks, for example, affected on-premises applications and infrastructure 44% of the time, compared to 36% for cloud resources. While in most cases, the differences between on-premises and cloud-based infrastructure were marginal, he says this is a sign attacks are crossing hybrid infrastructure. Attackers who breach an on-premises entry point will try to move laterally, including into cloud applications and data.

Half of leaders surveyed struggle to maintain security consistency across data center and public cloud environments. Nearly 30% struggle with lack of visibility into public cloud infrastructure, and 42% said using multiple security controls increases the associated costs and complexity.

Investing for a Future of Advanced Attacks

The increase in security spend is especially relevant to areas such as cloud security, a priority for 41% of respondents, and cyber risk management (32%). Other high-priority areas include network security (27%), security operations (24%), security analytics (22%), endpoint security (21%), and data privacy (20%).

"With the events that took place this past year, we expect that cloud security spend will continue to be the top priority in 2021," says Abousselham. "Also top of mind in terms of investment will be risk management, identity and access management modernization, and security operations and analytics."

As organizations "sprinted to the cloud" during the pandemic, supply chains became even more intricately connected, expanding the attack surface. When news of SolarWinds broke, many businesses reassessed how they defend against potential supply chain attacks. Respondents claim they will conduct more security controls audits (35%), scan software updates more often (30%), increase penetration testing (27%), and increase multi-factor authentication (26%).

While it caused a number of organizations to rethink their security posture, SolarWinds did not have that effect on everyone: only 47% of CISOs have briefed their executive leadership or boards about the implications. Only 23% have reassessed or changed their policies for vendor risk management, and the same percentage have segmented their networks to limit system access.

"There is always more that businesses can be doing when it comes to cybersecurity," notes Abousselham. "SolarWinds served as a prime example of that." He adds that "we have seen much less material improvement plans" following the breach than they anticipated or hoped.

This investment in automation and analytics can help mitigate the challenge of small security teams, researchers state in the report, as the right automation can help employees handle most issues faster than manual processes so they can dedicate effort to more urgent alerts.

Still, Abousselham says that automation, machine learning, and other sophisticated tech can only do so much.

"Although advanced technologies enable organizations to do more with leaner teams, an expanding organization facing growing threats needs to invest in automation while bolstering advanced security talent," he explains. Businesses must be investing in their employees as much as they invest in automation and analytics; however, researchers found that only 19% of organizations will prioritize training security staff and only 15% will prioritize staffing this year.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...
