eSentire Cybersecurity Report Reveals CIO ‘Insecurity’

Business executives and security practitioners see cybersecurity threats looming — and only a small percentage feel equipped to avoid it. That’s according to Cybersecurity FutureWatch 2018, a report commissioned by eSentire.

This finding is just one in a recent report that’s designed to highlight critical industry developments that will help companies develop cybersecurity plans as technology advances. More specifically, the survey revealed that only one-third of respondents have confidence that their business will avoid a major security event in the coming two years and 60 percent expect an attack will hit them during that time frame.

The report was done by FastForward Strategix for eSentire, the Ontario, Canada-based managed detection and response (MDR) service provider. The results are based on a survey of more than 1,250 senior executives, management and security professionals in the U.S., U.K. and Canada. Those surveyed are responsible for direct buying decisions.

Cybersecurity FutureWatch 2018 looks at key drivers, the current landscape, security maturity, risk review and future view.

eSentire’s Mark Sangster

“Our research confirms that IT teams are trapped in the innovators dilemma of meeting business demands through the adoption of new technologies, while shouldering the accountability for managing the risks and resulting damage associated with the exploitation of emerging technologies,” said Mark Sangster, chief security strategist at eSentire.

At the same time, Sangster acknowledges that line of sight from the IT team to the board is improving, making it easier to articulate security risks and get the necessary resources to mitigate those risks.

“The most mature organizations are doing this by moving beyond device and alert-focused approaches that often focus on tit-for-tat prevention technology and toward threat-based approaches that are both proactive and predictive,” he said.

The cybersecurity survey looked at the adoption of emerging technologies such as cloud, IoT/IIoT and artificial intelligence (AI), as well as big data, mobile apps, social media and BYOD – which is healthy, the report says – and found that emerging technologies pose the largest security risk.

“With cloud [in its second decade] companies are adopting more mature and proven methodologies to secure cloud,” the report states. Not so with IoT/IIoT and AI where the adoption curve over the next three years is outpacing the development of suitable security practices and solutions.

Operational disruption (66 percent) tops the list of key cybersecurity drivers reported in the survey, ahead of significant financial losses and damage to reputation (54 percent), and regulatory penalties (40 percent).

Looking at the current landscape, here are some more key findings:

• Sixty-four percent of security budgets are set to rise in 2019, with only 5 percent of respondents predicting a reduction in spend.
• In 2017, companies spent between $110,000 and $750,000 on security.
• A 45 percent customer loyalty rating implies major dissatisfaction with an incumbent security vendor.
• Cloud security adoption tops the list of security priorities.

The report indicates a correlation between security maturity and susceptibility to risk, an appetite to adopt emerging technologies, and willingness to blend contracted services to augment in-house capabilities.

• Firms using proactive and predictive approaches reduced their risk profile by 30 percent.
• More mature firms are faster to adopt threat detection and response, identity access management (IAM) and cloud-security services to support a boom in the current adoption of cloud-based services (77 percent), mobile applications (60 percent), and IoT (5 percent).
• More mature firms aggressively leverage SaaS and are 35 percent more likely to adopt 100 percent cloud-based security services than firms using a device-centric model.

So where is cybersecurity headed?

Among the key findings in the Future View section of the report, is an expected pivot toward mature, proactive threat hunting and predictive technologies such as machine learning, the direction serious MSSPs will take their business offers.

Cloud adoption will continue to be strong among businesses and the cloud will emerge as the basis of security services, meaning that companies will continue to expand at least hybrid-cloud security services if not full cloud deployments.

AI is shaping up to be tomorrow’s security headache for survey respondents. While cloud-based services are the biggest risk for companies, three years down the road, AI will take that No. 1 spot.

eSentire is offering a new Business Risk Index Tool that provides a free assessment based on simple questions that provide businesses with a snapshot of where and how their security approaches stack up in general — and relative to comparable organizations.