
5/25/2021
08:05 AM

Businesses Boost Security Budgets. Where Will the Money Go?

Most organizations plan to spend more on security, leaders say in a report that explores their toughest challenges, post-breach costs, and spending priorities.

Businesses plan to invest more money in cybersecurity, but it remains unclear whether extra investments will prepare them to face advanced attacks targeting the supply chain and crossing hybrid infrastructure – two trends top of mind among security leaders, a new report states.

To learn more about security teams' most pressing obstacles and spending priorities, Splunk teamed up with Enterprise Strategy Group to survey 535 security leaders. Most (88%) leaders report security spending will increase at their organization; 35% say there will be a "significant" boost. The research, conducted a year after COVID-19 lockdowns began and two months after the SolarWinds supply chain attack disclosure, reveals the response to a rise in cybercrime.

More than half (53%) of respondents said attacks increased during the pandemic and 84% have experienced a significant security incident in the past two years. The most common type of attack is email compromise (42%), followed by data breach (39%), mobile malware (37%), DDoS attack (36%), phishing (33%), ransomware (31%), and regulatory compliance violation (28%).

More than 40% said the primary cost of security incidents was the IT time and personnel needed to remediate them. Other costs included lost productivity (36%), disruptions to applications and systems (35%), disruption to business processes (32%), breach of confidential data (28%), public breach disclosure (19%), and employees terminated or prosecuted (18%).

Security leaders' job is tougher than it was two years ago, 49% of respondents said. The top challenges they cited include a more complex threat landscape (48%), moving workloads to the cloud and difficulty monitoring the larger attack surface (32%), and workforce hiring (28%).

Cloud is an area of growth and trouble for IT security teams, the report shows. Three-quarters of cloud infrastructure users are now multi-cloud; in two years, 87% expect to use multiple cloud service providers. The percentage of respondents using more than three providers is expected to jump from 29% to 53% in the next two years; in the same timeframe, the number of cloud-native workloads is predicted to increase from 29% to 55%, researchers note in the report.

"For all its elasticity and speed, the pandemic-fueled rush to the cloud left security teams with an expanded scope and fewer security measures in place," says Yassir Abousselham, CISO of Splunk. As hybrid cloud adoption grows, he says, so will security challenges associated with it.

Researchers found that business email compromise attacks, for example, affected on-premises applications and infrastructure 44% of the time, compared to 36% for cloud resources. While the differences between on-premises and cloud-based infrastructure were marginal in most cases, Abousselham says this is a sign that attacks are crossing hybrid infrastructure. Attackers who breach an on-premises entry point will try to move laterally, including into cloud applications and data.

Half of leaders surveyed struggle to maintain security consistency across data center and public cloud environments. Nearly 30% struggle with lack of visibility into public cloud infrastructure, and 42% said using multiple security controls increases the associated costs and complexity.

Investing for a Future of Advanced Attacks

The increase in security spend is especially relevant to areas such as cloud security, a priority for 41% of respondents, and cyber risk management (32%). Other high-priority areas include network security (27%), security operations (24%), security analytics (22%), endpoint security (21%), and data privacy (20%).

"With the events that took place this past year, we expect that cloud security spend will continue to be the top priority in 2021," says Abousselham. "Also top of mind in terms of investment will be risk management, identity and access management modernization, and security operations and analytics."

As organizations "sprinted to the cloud" during the pandemic, supply chains became even more intricately connected, expanding the attack surface. When news of SolarWinds broke, many businesses reassessed how they defend against potential supply chain attacks. Respondents claim they will conduct more security controls audits (35%), scan software updates more often (30%), increase penetration testing (27%), and increase multi-factor authentication (26%).

While it caused a number of organizations to rethink their security posture, SolarWinds did not have that effect on everyone: only 47% of CISOs have briefed their executive leadership or boards about the implications. Only 23% have reassessed or changed their policies for vendor risk management, and the same percentage have segmented their networks to limit system access.

"There is always more that businesses can be doing when it comes to cybersecurity," notes Abousselham. "SolarWinds served as a prime example of that." He adds that "we have seen much less material improvement plans" following the breach than they anticipated or hoped.

This investment in automation and analytics can help mitigate the challenge of small security teams, researchers state in the report, as the right automation can help employees handle most issues faster than manual processes so they can dedicate effort to more urgent alerts.

Still, Abousselham says that automation, machine learning, and other sophisticated tech can only do so much.

"Although advanced technologies enable organizations to do more with leaner teams, an expanding organization facing growing threats needs to invest in automation while bolstering advanced security talent," he explains. Businesses must be investing in their employees as much as they invest in automation and analytics; however, researchers found that only 19% of organizations will prioritize training security staff and only 15% will prioritize staffing this year.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...