Fragmented cybersecurity vendor landscape is exacerbating risks and compounding skills shortages

The majority of large enterprises spend an average of 3-5 months integrating and training teams on each new security solution - at the expense of threat hunting, vulnerability scanning and security awareness training.

  • 8 months ago Posted in

Attitudes to cybersecurity within the UK's largest organisations are highly contradictory and risk exacerbating existing risks, stress, and inefficiency, new research from SenseOn has revealed. The research - which was conducted by OnePoll and surveyed 250 IT and Security decision makers at UK and Irish companies with more than 250 people - uncovered that the vast majority still subscribe to the belief that 'the more cybersecurity tools you purchase the more protected you are', despite new tools taking an average of 2.4 months to adopt, taking away from other critical activity including threat hunting and security awareness training. The study also found that two thirds of respondents from the largest organisations (5,000-10,000 employees) see third party risk as a primary challenge, presenting a further contradiction to the perception that more tools improves security.

This speaks to a security ecosystem where organisations feel compelled to buy tools to feel better protected, only to find themselves concerned about the necessary exposure of having more suppliers and vendors, and with months in cybersecurity limbo, dedicating even more time to adopting the new tools, rather than using them.

The problem of new tools being hailed as a solution to security problems is further compounded by a chronic lack of staff to adopt - and subsequently manage - these tools. At a time when security professionals are already overwhelmed and under-resourced, new tools can place additional demands on already stretched teams.

Corresponding to this narrative, the same poll of security professionals also found that 95% of respondents believe that stress is impacting staff retention in their organisation. When polled on what technologies would reduce this stress, 83% of respondents highlighted ‘tools that use AI to automate security activity’ and 81% opted for security awareness training.

“The research supports something lots of people working in the industry already know: Cybersecurity is broken.” said David Atkinson, Founder and CEO of SenseOn. “Such a large majority of security leaders reporting their companies reliance on tools in place of a security strategy is a huge concern.

“The tools they are purchasing are expensive, time-consuming to launch, and are not built to integrate with each other. This means that despite spending huge amounts of time and money on them, they do not make an organisation safer - particularly when considering the justified concerns many of these leaders share regarding their supply chain risks.Companies should look to solve these issues by partnering with vendors that can unify multiple security disciplines under a single unified product, which can reduce costs, blindspots, and alleviate much of the stress security teams are currently experiencing.” 

Acquisition of leading DSPM company will bolster Proofpoint’s human-centric security platform...
NTT DATA’s new Managed Detection & Response service powered by Palo Alto Networks Cortex XSIAM...
SPG is enhancing its cybersecurity capabilities in a new partnership with Saviynt, a leading...
Graylog has unveiled significant security advancements to drive smarter, faster, and more...
Datadog has published its new report, the State of Cloud Security 2024. The report found that...
ISACA research shows automating threat detection/response and endpoint security are the most...
Strategic partnership unifies AI-native endpoint security and next-generation firewall protection...
Advanced forms of social engineering are on the rise, though obvious gaps like weak passwords are...