New survey reveals lack of workers, expertise, and assets driving smaller groups to outsource safety.
As enterprise begins its return to normalcy (nonetheless “regular” might look), CISOs at small and medium-size enterprises (500 – 10,000 workers) had been requested to share their cybersecurity challenges and priorities, and their responses had been in contrast the outcomes with these of an analogous survey from 2021.
Listed here are the 5 key issues we realized from 200 responses:
1 — Distant Work Has Accelerated the Use of EDR Applied sciences
In 2021, 52% of CISOs surveyed had been counting on endpoint detection and response (EDR) instruments. This 12 months that quantity has leapt to 85%. In distinction, final 12 months 45% had been utilizing community detection and response (NDR) instruments, whereas this 12 months simply 6% make use of NDR. In comparison with 2021, double the variety of CISOs and their organizations are seeing the worth of prolonged detection and response (XDR) instruments, which mix EDR with built-in community alerts. That is seemingly as a result of enhance in distant work, which is harder to safe than when workers work inside the firm’s community setting.
2 — 90% of CISOs Use an MDR Resolution
There’s a huge expertise hole within the cybersecurity trade, and CISOs are beneath rising stress to recruit internally. Particularly in small safety groups the place extra headcount is just not the reply, CISOs are turning to outsourced providers to fill the void. In 2021, 47% of CISOs surveyed relied on a Managed Safety Companies Supplier (MSSP), whereas 53% had been utilizing a managed detection and response (MDR) service. This 12 months, simply 21% are utilizing an MSSP, and 90% are utilizing MDR.
3 — Overlapping Menace Safety Instruments are the #1 Ache Level for Small Groups
The bulk (87%) of corporations with small safety groups battle to handle and function their risk safety merchandise. Amongst these corporations, 44% battle with overlapping capabilities, whereas 42% battle to visualise the total image of an assault when it happens. These challenges are intrinsically linked, as groups discover it tough to get a single, complete view with a number of instruments.
4 — Small Safety Groups Are Ignoring Extra Alerts
Small safety groups are giving much less consideration to their safety alerts. Final 12 months 14% of CISOs stated they give the impression of being solely at essential alerts, whereas this 12 months that quantity jumped to 21%. As well as, organizations are more and more letting automation take the wheel. Final 12 months, 16% stated they ignore mechanically remediated alerts, and this 12 months that is true for 34% of small safety groups.
5 — 96% of CISOs Are Planning to Consolidate Safety Platforms
Virtually all CISOs surveyed have consolidation of safety instruments on their to-do lists, in comparison with 61% in 2021. Not solely does consolidation scale back the variety of alerts – making it simpler to prioritize and think about all threats – respondents imagine it would cease them from lacking threats (57%), scale back the necessity for particular experience (56%), and make it simpler to correlate findings and visualize the chance panorama (46%). XDR applied sciences have emerged as the popular technique of consolidation, with 63% of CISOs calling it their best choice.
Obtain 2022 CISO Survey of Small Cyber Safety Groups to see all the outcomes.