In late 2022, SafeBreach commissioned S&P Global Market Intelligence to conduct a research project surveying 400 highly qualified security practitioners across the United States and Europe. The goal was to understand respondents’ biggest security challenges, the level of adoption and maturity of the continuous security validation (CSV) tools they use to address those challenges, and the business outcomes they achieved.
The findings indicated that while organizations continue spending more on security every year, they remain plagued by the burden of increasing compliance requirements, escalating costs and risks associated with the ever-expanding attack surface, and unrelenting malware/ransomware attacks. Additionally, in the face of economic headwinds, security professionals are looking to reduce business risk and prove to executive stakeholders that their security budgets are being spent prudently and effectively to protect their organizations.
Key Findings
- Regulatory complexity is a top challenge:
  - 46% of respondents said the primary challenge driving security teams today is the increasing complexity/effort to comply with regulations and internal security policies.
  - 45% were concerned with the increased costs and risks associated with the growing number of devices and expansion of the attack surface.
  - 33% said ransomware attacks were a primary risk.
- Ransomware attacks surge, but organizations are not prepared:
  - Nearly half (47%) of respondents indicated they experienced a ransomware attack in the past year; 56% of organizations victimized by ransomware paid ransom, yet only 39% of payments resulted in successful data recovery.
  - The number of companies paying ransom rose by a rate of 2.5x compared to findings from 451 Research’s 2022 Voice of the Enterprise: Information Security, Endpoint Security study (fielded nearly a year earlier), where just 22% of respondents paid ransom.
  - Only 50% of those reporting a ransomware attack activated a formal ransomware recovery and remediation plan, indicating that many have yet to create and rehearse formal plans, a key success factor in recovering from an attack without significant business impact.
- “Swivel chair management,” also known as tool overload, creates security gaps:
  - Security teams are overwhelmed by the quantity of security tooling available to them, creating silos of information that make it difficult for them to perform their jobs effectively.
  - Analysts have access to an average of 21-30 tools in total and use 11-20 of them regularly (at least weekly). This is a sobering statistic given the amount of time and money required to install and maintain these tools and to train staff to use them, and the number of tools in use can result in delays in incident response.
  - In practice, many security tools are deployed tactically to satisfy a specific use case or compliance requirement, with little thought given to how (or if) analysts will use them in their day-to-day jobs.
- Breach and attack simulation (BAS) capabilities are key to reducing business and operational risk while maximizing return on investment (ROI):
  - 95% of respondents said identifying unpublished, signatureless and zero-day vulnerabilities is a highly or somewhat valuable capability of BAS.
  - 94% valued utilizing the cyber kill chain as a mechanism for identifying and remediating security weaknesses.
  - 93% said identifying high-risk vulnerabilities and aiding SecOps and IT in prioritization of remediation is critical.
  - 99% of respondents using BAS reported a positive ROI.
Steady increases in the size and complexity of attack surfaces, coupled with ever-more-sophisticated attackers, have prompted organizations to shift from primarily defensive approaches to more proactive strategies that continuously test and validate an organization’s security posture.
Newer CSV tools, such as BAS, have been developed to meet this growing need, and the study revealed a number of key use cases and pain points that CSV solutions can solve by utilizing more automated techniques that leverage the same tactics, techniques, and procedures (TTPs) used by criminals. This more advanced, continuous approach enables organizations to identify high-risk vulnerabilities, define remediation activities, and ultimately construct more resilient cybersecurity programs that reduce business and operational risk.
For additional information regarding the study and its findings, download the full Impact of Continuous Security Validation report.