The difficulty in hiring and retaining skilled personnel is one of the top challenges facing security leaders, according to new research.
Despite considerable investment in security tools, research reveals that organisations are struggling to deal with cyber threats, driving a surge in outsourced services.
The Worldwide Infrastructure Security Report (WISR), published by Netscout, reveals a clear and urgent need for companies to simplify operational security processes to tackle mounting threats, with 92 per cent of respondents stating they sought to reduce complexity.
Operational challenges are compounded by difficulty in hiring and retaining skilled personnel, which, together with lack of headcount or resources, were cited as the top challenges faced by security leaders.
Netscout’s findings show that this is driving an increased reliance on outsourced services, with approximately a third of enterprises outsourcing at least a part of their security operation, up 12 per cent from 2017.
This trend looks set to continue for the foreseeable future, with 39 per cent of respondents stating they expect to increase their investment in outsourced services in the next 12 months.
“Our research reveals that the average enterprise has 22 security tools in place – and – anecdotally we know that some have far more,” said Darren Anstee, chief technology officer, security, Netscout. “Businesses have invested in new tools and technologies to deal with new threats, but this hasn’t resulted in a reduction in risk.
“Having no ability to monitor for such attacks, or not being concerned, strikes us as a lesson waiting to be learned”
“A complex security stack can lead to an inconsistent picture of what is really going on, slowing down operational processes and reducing the effectiveness of security personnel, whilst creating gaps for attackers to exploit. As a result, companies are waking up to the fact that they need a well-integrated security stack and a consistent view across their virtual, physical and cloud resources.
Anstee added: “In leaning on outsourced security professionals, businesses are identifying the shortfalls of their internal processes and capabilities and are moving to address risk in the only way they can. There is nothing wrong with this strategy, as long as businesses are clear that they still own the underlying risk.”
Adding to the challenge facing organisations is an evolution in the distributed denial of service (DDOS) attack size, with 91 per cent of companies experiencing an attack indicating that their internet connectivity was saturated on at least one occasion. These kinds of threats are hindering digital transformation, with 61 per cent of respondents stating that security concerns are creating a barrier to cloud adoption.
With businesses observing a threefold increase in DDoS attacks against software-as-a-service services and attacks against third party data centres and cloud services up by 23 per cent, it is clear that hackers are evolving their tactics to target evolving IT infrastructures. Service providers are also seeing attacks against cloud infrastructure increase, although around a quarter admitted to not knowing whether they had seen or were subject to attacks.
“Businesses have invested in new tools and technologies to deal with new threats, but this hasn’t resulted in a reduction in risk”
“Pretty much every business is either adopting, or looking at adopting cloud, in one way or another,” continued Anstee. “DDoS attacks represent the number one external threat to the availability of cloud services. Having no ability to monitor for such attacks, or not being concerned, strikes us as a lesson waiting to be learned.”
However, progress is being made with the widespread adoption of specialised DDoS migration strategies, including cloud-based services and multi-layered solutions. Enterprises expressed a growing awareness of the damage which DDoS attacks can have on business activities, with nearly 90 per cent of organisations now assessing DDoS risks on a recurring basis, either from an IT or business perspective.
You might also like: