Not too long ago we were handed a report from one of our partners. The partner, Cynet, sent out a survey to 200 CISOs and asked them what challenges they faced when working with a small security team (5 members or less) at organizations with between 500 and 10,000 employees.
(Read Cynet’s report here: https://www.security7.net/hubfs/Documents/2022%20CISO%20Survey%20of%20Small%20Cyber%20Security%20Teams.pdf)
What made it interesting to us here at Security7 is that the demographic they surveyed is EXACTLY the type of customer we do business with; it couldn’t be more spot on. After reading the report there were a lot of questions: do our customers feel the same way as the CISOs surveyed by Cynet? Do they have the same fears? The findings had to be discussed and analyzed and then shared with you.
So, without further ado…
There are five key findings in the survey. Some included things we knew, others included things we were surprised about. Here they are:
- The surge in remote work has accelerated the use of endpoint detection and response (EDR) technologies
According to Cynet, 52% of CISOs were relying on EDR technologies in 2021. This year (2022) that number was up to 85%. That’s understandable. Remote work has almost completely redefined the landscape.
The survey also noted a drastic shift in the usage of network detection and response (NDR) tools. 45% of CISOs reported they were using them in 2021 but only 6% reported using them in 2022.
Another casualty of the “work from home” model, we assume.
- 90% of CISOs use managed detection and response (MDR) solutions, up from 53% in 2021
The jump from 53% of CISOs using MDR solutions in 2021 to 90% in 2022 isn’t all that surprising. Cybersecurity talent is in demand and an MDR solution allows for an increased headcount without having to hire internally.
However, and this is probably the more interesting bit, there was a HUGE drop (26%) in the number of CISOs who reported using Managed Security Services Providers (MSSPs). In 2021, 47% of CISOs were using an MSSP; in 2022 that number is down to 21%.
But why? The argument could be made that an MSSP offers all of the same solutions as MDR and oftentimes more. Why are CISOs ditching MSSPs for a replacement many would argue is a lesser product (on its own, not trying to offend any MDR vendors out there)?
Hold out for more information on this later. It’ll be revisited.
- Overlapping capabilities of threat protection tools is the #1 pain point for small security teams
The single pane of glass, the long-sought, rarely found, almost mythological means of monitoring and controlling the vast landscape with the many moving parts of an organization’s security apparatus through one interface. Mentioning it to an InfoSec professional elicits an almost Pavlovian effect.
The more complicated the system is to manage, the more painful the process becomes. It’s no wonder 87% of the CISOs surveyed by Cynet said managing overlapping capabilities is the number 1 pain point for a small security team.
It’s not impossible to consolidate a security stack and help an InfoSec team better manage overlapping capabilities, and Security7 might have some thoughts regarding what you can do.
- Small security teams are paying attention to fewer security alerts than this time last year
Alert fatigue is a real thing. If there’s too much noise over an extended period of time those exposed to it will start blocking it out. That’s what happens with security alerts. In 2021, 14% of the CISOs Cynet spoke to said they only paid attention to “critical alerts.” While not a huge increase, the number in 2022 has risen to 21%.
The solution to this problem, at least in the survey, is automated remediation, whatever that may be. The survey didn’t give any distinct examples so the process is likely varied.
However, in 2021, 16% of CISOs admitted to ignoring the automated remediation alerts; in 2022 it was up to 34%. The key takeaway here is people are ignoring things that they shouldn’t be ignoring. Things are happening in these systems that no one ever looks at. Processes that have been automated are apparently not looked at again. That’s potentially very concerning, especially when you consider the number of cyberattacks so far this year. How can you manage what’s not measured or observed? How can you stop something that might be happening right under your nose if you missed it because the flag that was thrown up, at the time, was considered non-consequential or not critical?
- 96% of CISOs are planning to consolidate their security platforms
This was mentioned above, but it bears repeating here: security platform consolidation is viewed as essential to all CISOs interviewed by Cynet. 94% of CISOs said this was a top priority, up from 61% the following year.
Again, there are ways to go about this, and there are plans to share that information with you relatively soon.
There’s a lot in this report. Lots. The key takeaways listed above are really a small fraction of the important information that’s listed in the survey. You really should read it if you’ve got the time.
However, as mentioned above, Security7 has a lot of thoughts regarding the data mentioned in this report and we want to share that with you over the next few months, and we’d really appreciate your input as the project unfolds.
Here’s the plan: From now (September 1st) until after the New Year we plan on releasing 12 articles that talk about some of the things mentioned in this report. If you’re a blog subscriber we’re going to be emailing them to you directly and we’re going to include a link to a quick survey (think one question maybe two questions) that’ll better help us serve you going forward.
This is what will be covered and the associated publishing dates:
September 1st – Introduction to Campaign (Cynet 2022 Survey of CISOs with Small Cyber Security Teams Review)
Sept 15th – Size Matters Not: Why Small to Medium Sized Enterprises are Just as at Risk as Larger Ones to Cyberattacks
Sept 29th – Skill Shortages: The Staffing Problems Faced by Small InfoSec Teams
October 13th – Outsourcing: How a vCISO Can Help Your Business
October 27th – Budgeting: What to Consider When Budgeting Your Cybersecurity Spend
November 3rd – What Features/Product Types to Consider When Reviewing Your Cybersecurity Stack
November 17th – Consolidation: 7 Ways to Simplify Your Stack Responsibly
December 1st – Management: Overlapping Threat Protection Tools and You
December 15th – Alert Fatigue: What it is and How to Avoid it…
December 29th – Alphabet Soup: EDR, XDR, MDR, and Your Business
January 12th – Are MDR Solutions Better than an MSSP?
January 19th – Is the Cloud Worth It? Let’s Talk about Scale…
January 29th – New Year, New You: Maintaining a Strong Cybersecurity Posture
Feel free to post a comment in the section below or email us at [email protected] if you’ve got any questions at all.