Australian Security Teams Start To Address Functional Overlap In Their Tooling Stacks
Posted: Tuesday, Feb 20


The seemingly unending list of threat actors successfully targeting Australian organisations, and a corresponding rise in financial losses and regulatory scrutiny, has firms, leaders and cybersecurity teams on edge.

Australian and New Zealand businesses lost almost 10% of their revenue to cyber attacks in the last year, recent research by Fastly shows. That is leading many to contemplate the extent to which their security infrastructure is fit-for-purpose, and what opportunities exist for optimisation.

While cybersecurity strategies can already be considered ‘living documents’, subject to a range of continuous improvement and enhancement measures, many of these strategies will require some more specific and targeted rework in 2024 to better prepare organisations for the next year of defensive operations.

Cost and efficiency are likely to be front-and-centre in this round of enhancements. That’s not to say these factors haven’t been important previously; it’s more that the constant evolution and materialisation of threats in the cybersecurity landscape has driven patterns of spend and behaviours that – cumulatively – haven’t necessarily left organisations in the best place to deal with the constantly evolving range of threats they encounter. Instead, it has left many organisations and security teams battling with environmental complexity.

Many businesses have tried to hit the moving target of cyber threats by following a trends-based approach, investing in tools on an as-needed basis or based on what they believe to be the most current or prevalent threat. The result is a security stack made up of disconnected tools that can’t be easily integrated with each other, or that aren’t being leveraged to their full extent.

The inability of past investment decisions to provide effective future coverage from a cybersecurity perspective is now driving important conversations into the foreground. The result is a growing desire to rein in spiralling cybersecurity expenditure while future-proofing cybersecurity infrastructure against the constantly shifting threat landscape.

 

Tool Talk

On average, Australian and New Zealand organisations rely on seven different network and application cybersecurity solutions, according to Fastly’s research. Fewer than half of these tools are fully deployed in a production setting. When security tools are not fully deployed – for example, when they run in log-only mode – security teams miss out on their positive effects. In this state the tools exist only to point out threats after they have made themselves felt on the network.

There is also substantial overlap in the capabilities of some of these tools. While layering is often considered a sound defensive approach, the reality is that it produces data and visibility silos that are hard to manage. The presence of duplicated functionality and unnecessary overlap may also be indicative of overspend. At the end of the day, that money could be better utilised to address capability gaps or to broaden coverage.

As a result, we’re observing a renewed focus on creating a more simplified cybersecurity footprint – slimming down the number of tools in the stack, reducing functional overlap, and driving increased utilisation of the consolidated tool portfolio. Working with a lower number of vendors is helping teams to simplify their security footprint and reduce costs.

Some investment in newer tooling that is capable of servicing more than one security domain or functional area may still be warranted. However, it’s important that any new solutions have a single, easy-to-use interface that allows full visibility of the system at a glance, and that they integrate easily not just with each other, but with the entire response toolchain. Ensuring tools can be integrated in such a way is as much about planning and mindset as the tools themselves, but the ideal end state is one where security tooling is as lean and interoperable as possible.

 

Employing Alternative Approaches

In addition to slimming the tool portfolio and number of security vendors, organisations are utilising other strategies to simplify their stacks and optimise spending.

One of the ways they’re doing this is by partnering with professionals who understand the objectives of an effective cybersecurity strategy. The complexity of the threat landscape makes these objectives challenging to meet; however, collaboration is an inexpensive way to begin re-strategising. Where possible, it’s best to trust security teams to consult expert groups that can obtain the required information.

Another emerging strategy is to increase the use of a Managed Security Services (MSS) approach to addressing cybersecurity threats. Nearly 30% of organisations have begun to use MSS over the past year and a further 40% plan to do the same, as they look to reduce toil for their security teams, and with good reason. More than a third (36%) of cybersecurity professionals feel that new talent entering the industry lacks the necessary skills to protect their business, which is why 48% of businesses are having to increase their spending to capture the right talent.

Turning to Managed Service Providers is helping organisations to cost-effectively bridge the skills gap while avoiding the risk of overcomplicating their internal cybersecurity posture.

Sean Leach
Sean Leach is the VP of Product Technology at Fastly, where he focuses on building and scaling products around large-scale, mission-critical infrastructure. He was previously VP, Technology for Verisign, where he provided strategic direction along with product and technical architecture and was a primary company spokesperson. Sean was previously CTO of name.com, a top 15 domain registration and web hosting company, as well as a Senior Director at Neustar. He holds a BS in Computer Science from the University of Delaware. His current research focus is on DNS, DDoS, Web/network performance, Internet infrastructure and combating the massive Internet security epidemic.