Is overconfidence sabotaging your business?

Adarma is a Business Reporter client.

As the frequency of cyber-attacks continues to rise and the costs of breaches soar, companies worldwide are prioritising cyber-security. Coupled with authorities imposing strict regulations, the cyber-security products and services market has significantly increased in recent years.

However, the industry’s fragmented approach to tackling threats has led to the introduction of new solutions as issues arise, adding to the confusion. Many organisations have adopted these tools one by one, believing their growing collection enhances protection. But are they really better off?

Many believe having more security tools means better protection because each tool provides an additional layer of defence. However, this belief can lead to a false sense of confidence. A recent report by security operations specialist Adarma found that UK companies with more security tools felt more confident in their security coverage. However, upon closer examination of the data, it was discovered that the more tools a company had, the more likely they were to have experienced a breach in the previous two years. It’s possible that larger enterprises or those in highly targeted sectors are more likely to have more tools, but regardless, having a variety of tools does not guarantee the safety of the business.

According to the study, organisations that were highly confident in their ability to defend against cyber-attacks were also more likely to have experienced a breach in the past two years. There are a couple of possible explanations for this finding. One possibility is that organisations that have survived a breach may have improved their security measures and become more confident as a result. Alternatively, it may be that overly confident organisations are becoming complacent and failing to adequately review their controls, leaving themselves vulnerable to attack.

Today’s market has become crowded and complex, with various acronyms such as EDR, NDR, MDR, XDR, SIEM and SOAR adding to the confusion. It is no surprise that many companies are struggling to keep up. In fact, 61 per cent of cyber-security professionals admit that the fragmentation of the technology landscape is a barrier to improving their security capability and performance.

Many organisations have resorted to using various technologies to enhance their security posture. However, this has created a complex web of solutions that could result in wasted resources and overlapping features. Or, worse, these numerous tools may leave gaps in coverage that could go undetected, leaving the business exposed.

While each technology may excel in detecting and analysing threats in specific areas such as endpoints, cloud applications or web servers, they often fail to communicate with each other. This results in data silos, commonly referred to as “analytic islands”, that hinder the ability to gain a comprehensive view of the environment.

The effectiveness of these solutions depends not only on their implementation and configuration but also on the expertise of the people using them. It is crucial to piece data together appropriately to gain a holistic view of the situation. Ultimately, it is not just about having the technology, but the people and expertise to ensure they are correctly implemented and configured, and that data is pieced together appropriately for a holistic view.

So, recognising this, how should organisations move forward?

To begin with, security teams must regularly assess their security stack to ensure it performs effectively and meets the organisation’s needs. Here, trust in people is as important as trust in your technology. Organisations must ensure they have the correct know-how to manage these tools, whether that’s found in-house or outsourced.

Next, be strategic with data ingestion. Do not simply open the metaphorical data floodgates. This will only inundate your security team with unactionable information. Instead, conduct threat modelling to identify the unique risks the business will likely come up against, ingest relevant logs accordingly and then define your countermeasures.

Try to avoid analytic islands by collating data from across your security infrastructure to analyse as a whole. An essential element of making this happen is through proper tool integration. Moreover, automation will be vital in accelerating threat analysis while scaling with the ever-expanding volume of data generated.

Then there is the matter of tool configuration. Put simply, the best technologies are of no use if they are not set up correctly. Organisations don’t audit their own finances, nor should security teams mark their own homework. It’s recommended to engage an independent third party for an unbiased evaluation.

Finally, there is the power of consolidation. It is evident that if most organisations are struggling to cope with their sprawling toolsets, we need to rationalise so that there are fewer technologies and integrations to manage. It is undoubtedly an idea many are catching on to, with 80 per cent of UK enterprises affirming that they are consolidating or planning to. Nevertheless, this should be done with caution so as not to jeopardise the organisation’s cyber-resilience. Chances are various internal stakeholders will have a different understanding of what is needed or deemed most valuable, motivated by their own respective needs. Therefore, an independent and impartial security architect is essential to consider all views and select the best route forward.

It is time we took a step back as an industry to re-evaluate the technologies we have collected over the years. We may want to pull out all the stops to combat today’s burgeoning threat landscape, but we seem to have only complicated matters for ourselves in the process. More tools do not guarantee more protection, especially if they are not correctly implemented, configured or talking to one another.

In short, our tools are only as good as those managing them. It is critical that we not only invest in the right technologies but also the expertise to optimise them and make sense of the data they produce.

To find out more, visit www.adarma.com/security-operations-excellence