A global survey of 300 IT and security professionals suggests that while security budgets are increasing the way funding is being allocated is shifting as organizations look to automate workflows.
Conducted by Sapio Research on behalf of Seemplicity, a provider of a security automation platform, the survey finds that 91% of respondents work for organizations that plan to increase their security budgets this year.
Additionally, 85% said they plan to increase investments in artificial intelligence (AI) over the next five years, with vulnerability assessment (38%) and vulnerability prioritization (30%) cited as being areas where AI will have the most benefit.
Overall, nearly two-thirds (64%) said AI will serve as a weapon against bad actors but even more (68%) said there is significant concern regarding the impact AI will have on speeding up software development in a way that outpaces the ability of cybersecurity teams to keep pace with vulnerabilities.
Additionally, respondents noted that the new Securities and Exchange Commission (SEC) incident reporting requirements create an opportunity to enhance their vulnerability management practices. Specifically, new requirements will improve logging and reporting (53%) and improve overall security hygiene (52%). Less than a quarter of respondents felt that the regulation would create more bureaucracy (24%), and pressure (23%) and distract their security teams (18%).
The challenge is on average survey respondents report using offerings from 38 different security vendors, with more than half (51%) experiencing a high to very high level (23%) of noise from their tools. A full 85% said they find it challenging to manage all the noise, also known as alerts, generated by their security tools.
Nearly all (95%) are leveraging at least one method to try and reduce noise, the survey also finds.
At the same time, even more, 97%, indicated they have already invested in some level of automation, with vulnerability scanning (65%), vulnerability prioritization (65%) and remediation processes (41%) identified as the areas where most of those efforts are being applied.
A total of 89% said automation has improved vulnerability and exposure management efficiency, with faster response to emerging threats (65%) cited as being the top benefit.
Nevertheless, 44% said they still rely on manual methods to some degree to manage workflows. On the plus side, 90% of respondents plan to adopt some type of continuous threat exposure management (CTEM) framework to be able to better respond to threats.
Seemplicity CEO Yoran Sirkis noted that CTEM investments are crucial, as it becomes more apparent that cybersecurity now requires organizations to be able to respond in near real-time as threats are discovered. The longer a response time the more lethal any breach becomes, he added.
Achieving that goal, however, will require cybersecurity teams to reduce the current level of fragmentation that exists in a way that should reduce the overall amount of noise currently being generated by their platforms and tools, he added.
It’s not clear how long it might take for organizations to adopt a CTEM framework, but given the volume of attacks being launched, it’s almost certain that their adversaries already can continuously launch cyberattacks at will. The only thing left to determine now is how long it will take for cybersecurity teams to be able to respond effectively in kind.
Recent Articles By Author