Fragmented cybersecurity vendor landscape is exacerbating risks and compounding skills shortages

The majority of large enterprises spend an average of 3-5 months integrating and training teams on each new security solution - at the expense of threat hunting, vulnerability scanning and security awareness training.

  • 10 months ago Posted in

Attitudes to cybersecurity within the UK's largest organisations are highly contradictory and risk exacerbating existing risks, stress, and inefficiency, new research from SenseOn has revealed. The research - which was conducted by OnePoll and surveyed 250 IT and Security decision makers at UK and Irish companies with more than 250 people - uncovered that the vast majority still subscribe to the belief that 'the more cybersecurity tools you purchase the more protected you are', despite new tools taking an average of 2.4 months to adopt, taking away from other critical activity including threat hunting and security awareness training. The study also found that two thirds of respondents from the largest organisations (5,000-10,000 employees) see third party risk as a primary challenge, presenting a further contradiction to the perception that more tools improves security.

This speaks to a security ecosystem where organisations feel compelled to buy tools to feel better protected, only to find themselves concerned about the necessary exposure of having more suppliers and vendors, and with months in cybersecurity limbo, dedicating even more time to adopting the new tools, rather than using them.

The problem of new tools being hailed as a solution to security problems is further compounded by a chronic lack of staff to adopt - and subsequently manage - these tools. At a time when security professionals are already overwhelmed and under-resourced, new tools can place additional demands on already stretched teams.

Corresponding to this narrative, the same poll of security professionals also found that 95% of respondents believe that stress is impacting staff retention in their organisation. When polled on what technologies would reduce this stress, 83% of respondents highlighted ‘tools that use AI to automate security activity’ and 81% opted for security awareness training.

“The research supports something lots of people working in the industry already know: Cybersecurity is broken.” said David Atkinson, Founder and CEO of SenseOn. “Such a large majority of security leaders reporting their companies reliance on tools in place of a security strategy is a huge concern.

“The tools they are purchasing are expensive, time-consuming to launch, and are not built to integrate with each other. This means that despite spending huge amounts of time and money on them, they do not make an organisation safer - particularly when considering the justified concerns many of these leaders share regarding their supply chain risks.Companies should look to solve these issues by partnering with vendors that can unify multiple security disciplines under a single unified product, which can reduce costs, blindspots, and alleviate much of the stress security teams are currently experiencing.” 

Predictive maintenance and forecasting for security and failures will be a growing area for MSPs...
Venafi has published the findings of its latest research report: The Impact of Machine Identities...
Arctic Wolf to enhance its Security Operations Aurora Platform with best-in-class endpoint...
Nearly 50% of organisations have experienced a security breach in the last two years.
New study by Splunk shows that a significant number of UK CISOs are stressed, tired, and aren’t...
HP Wolf Security Study highlights cybersecurity challenges facing organizations across the...
Internal test shows estimated scanning speeds of 75,000 backups within 60 seconds.
Deployment allows Korea Hydro and Nuclear Plant (KHNP) to leverage quantum-safe MACsec technology...