C-suite leaders believe that the CISO role was tough even before the pandemic, but has now become overloaded
Security leaders say they and their department are up against too many screens, alerts, and systems, with very few solutions that accurately and adequately handle the pain points. Cybersecurity vendors have been churning out endless lists of fear, uncertainty, and doubt (FUD) scenarios. These were followed by sure-shot “magic bullet” resolutions, marketing, and sales pitches.
Even before the pandemic, CISOs’ schedules were filled to the brim, and now they are perpetually overflowing. The major issue is that almost every issue seems to need immediate and real resolution. The main reason is that CISOs are now much more knowledgeable about the current nature of attacks and understand that they may, and will, face breach attacks. As a result, they don’t have time for the FUD fog drifting their way from multiple vendors, all of which are focused on selling their single-purpose tools. Leaders realize that the complexity and cost of buying and deploying such tools can’t always be sustained; given how many there are, it is not practical to even expect that. In addition, enterprises have too many screens and unmanaged devices, with more to come from embedded systems, IoT, BYOD, etc. Analysts are bombarded with a very high volume of information, which leaves them struggling to work out the real story behind each incident.
Security leaders point out that, in addition to the above reasons, the volume of alerts is another factor. IT employees handle a minimum of ten thousand alerts per day, and a majority of them say that they need a minimum of ten minutes to analyze each alert. They are further disheartened that most of these alerts turn out to be false positives. This underlines the fact that analysts cannot get to everything, and bad things will end up getting missed.
Security leaders acknowledge that it is impossible for them to monitor every user, endpoint, and app. They do, however, realize that it is vital to have effective tools that help their teams detect when potential threats might strike. Such tools can then either block or remove those threats in real time, thus reducing the impact.
It boils down to the conclusion that security vendors need to change their methods. In the current scenario, it is critical that CISOs treat them as true partners, even though spending has decreased and CISOs do not always have the green light to spend on cybersecurity tools. The majority of enterprises will potentially see an increase in their cybersecurity investment this year and next.
Of course, there are still good opportunities for vendors to provide positive, lasting value; however, CISOs are going to analyze and choose more cautiously. To deliver more effective fixes rather than being distracted by FUD scenarios, solution vendors should practice measures like empowering security leaders with actionable data, acknowledging the use of open source solutions, transparency, and availability.