The Hidden Cost of An Ineffective Cybersecurity Platform

Against cyber threats, a blank cheque will not make you safer. The solutions market is so filled with marketing hype, security dead ends, and false dawns that even veteran practitioners can fall into the trap of sinking investment into redundant solution stacks. 

This fact is not stopping the market for IT security tools from growing. According to a report published by Brandessence Market Research, the global cybersecurity market will likely reach $403.1 billion by 2027. To put that into perspective, the same market was valued at $176.5 billion in 2020. 

But wasting money is not where the perils of poor investment end: ineffective cybersecurity platforms can actively weaken an organisation’s security posture. By an ineffective platform, we mean a stack of single-point solutions that a) can’t be consolidated, b) don’t share context with each other, and c) can’t automate crucial security actions. 

Besides money badly spent, here are three other costs of investing in ineffective cybersecurity platforms.

Overwhelmed Security Teams 

In the past year, 9 in 10 organisations introduced at least one new security tool into their IT environments, and almost 1 in 2 added 4 or more technologies to their existing tool stacks. 

Did deploying more cybersecurity solutions make these companies any safer? Unlikely. But it did increase IT and security teams’ workload. Around 60% of security operations centre (SOC) analysts say their workloads have spiked since 2021. 

This is hardly surprising. The more tools a company has, the more time IT professionals spend managing them. And because most tools are not integrated, analysts are left switching from one dashboard to the next in a “swivel chair” approach, investigating hundreds of alerts, the vast majority of which turn out to be false positives. 

The result, for security teams, is burnout. Already severely understaffed due to the ongoing cybersecurity talent shortage crisis, security professionals report feeling overwhelmed, overworked, and unable to switch off even outside working hours. At work, SOC managers admit to

  • Having to step away from their computers due to stress.

  • Turning off threat alerts altogether.

  • Ignoring incoming alerts.

  • Relying on a colleague to step in to help. 

It’s not a problem that organisations can afford to ignore for much longer. Things are getting so bad that more than 6 in 10 SOC analysts are contemplating leaving their company for a different role. And close to 50% have thought about leaving the industry. 

Longer Detection and Response Times

When security teams turn off or ignore alerts issued by ineffective security tools because past experience has taught them that they’re unlikely to be real, actual threats slip past. Many attacks are only detected when it’s already too late. 

Take the Irish Health Service Executive (HSE) breach as an example. According to a PwC report, after the initial phishing email was opened (which is how attackers gained access to the HSE network), antivirus software triggered several alerts warning the organisation of potentially malicious activity. 

Crucially, this was eight weeks before the ransomware was deployed. The antivirus vendor even emailed the HSE’s security operations team to note that threat events were not being handled. 

Still, the events were ignored, giving the cybercriminals free rein. The ending is well known. The nation’s healthcare services were disrupted, and it took the HSE five months to recover from the attack. Had the HSE spotted and acted on the alerts faster, it could have prevented the ransomware, or at least mitigated its impact. 

It’s not always the case that alerts are missed. In some instances, they are misinterpreted. Many SOC analysts review the alerts that come in but make poor judgements due to a lack of skills and technology. About 1 in 2 IT and SOC decision-makers doubt their ability to prioritise and respond to alerts. 

Multiple point solutions inevitably mean disparate data sources, each with its own schema, host identifiers, severity scale and clock. Correlating events across them, and thus gaining full context, becomes far harder, if not impossible. 
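To make the correlation problem concrete, here is an added example (not code from the original post, and not SenseOn’s own code) of what a consolidating layer has to do before any cross-tool context exists. It takes constructed alerts from three hypothetical point tools, each with its own timestamp format, host identifier and severity scale, normalises them into one record shape, groups them per host within a time window, and ranks the resulting incidents so that corroboration by independent tools lifts priority. It also flags high-severity alerts that have sat unacknowledged past a threshold, the failure mode in the HSE case above. Every sample alert, hostname and IP address below is constructed for illustration.

```python
"""Correlate alerts from three point solutions that share no common schema.

Added example with constructed sample data; the alerts, hosts and IPs are not real.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# --- Constructed sample alerts, one list per tool, each in that tool's own schema ---
AV_ALERTS = [   # antivirus: epoch seconds, short hostname, text severity, analyst-acknowledged flag
    {"ts": 1620000000, "machine": "WS-FINANCE-07", "threat": "Trojan.Generic", "sev": "high", "acked": True},
    {"ts": 1620000300, "machine": "WS-FINANCE-07", "threat": "credential dumping tool", "sev": "high", "acked": False},
]
EDR_EVENTS = [  # EDR: ISO-8601 with Z, FQDN, numeric severity 1-10, no acknowledgement field at all
    {"time": "2021-05-03T00:02:10Z", "host": "ws-finance-07.corp.local", "event": "office app spawned powershell", "severity": 7},
    {"time": "2021-05-03T00:06:40Z", "host": "srv-files-01.corp.local", "event": "lsass memory read", "severity": 9},
]
NET_ALERTS = [  # NDR: space-separated timestamp, source IP only, score 0-100
    {"seen": "2021-05-03 00:03:05", "src_ip": "10.20.4.17", "sig": "beacon to known C2", "score": 80},
]
ASSETS = {"10.20.4.17": "ws-finance-07"}   # constructed asset inventory: IP -> hostname

SEV_WORDS = {"low": 3, "medium": 5, "high": 8, "critical": 10}


def _epoch(sec):
    return datetime.fromtimestamp(sec, tz=timezone.utc)


def _iso(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def _spaced(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)


def normalise(av, edr, net, assets):
    """Map every source onto one record shape: source, ts (UTC), host, summary, severity 1-10, acked."""
    out = []
    for a in av:
        out.append({"source": "av", "ts": _epoch(a["ts"]), "host": a["machine"].lower(),
                    "summary": a["threat"], "severity": SEV_WORDS[a["sev"]], "acked": a["acked"]})
    for e in edr:
        out.append({"source": "edr", "ts": _iso(e["time"]), "host": e["host"].split(".")[0].lower(),
                    "summary": e["event"], "severity": e["severity"], "acked": False})
    for n in net:
        host = assets.get(n["src_ip"], n["src_ip"])   # without the inventory, NDR can't be tied to a host
        out.append({"source": "ndr", "ts": _spaced(n["seen"]), "host": host.lower(),
                    "summary": n["sig"], "severity": round(n["score"] / 10), "acked": False})
    return sorted(out, key=lambda r: r["ts"])


def correlate(records, window=timedelta(minutes=15)):
    """Group normalised records into per-host incidents.

    A record joins the host's open incident if it falls within `window` of the previous record;
    otherwise a new incident starts. Priority rewards corroboration across independent tools.
    """
    by_host = defaultdict(list)
    for r in records:
        by_host[r["host"]].append(r)
    incidents = []
    for host, recs in by_host.items():
        current = None
        for r in recs:
            if current is None or r["ts"] - current["last"] > window:
                current = {"host": host, "first": r["ts"], "last": r["ts"], "records": []}
                incidents.append(current)
            current["records"].append(r)
            current["last"] = r["ts"]
    for inc in incidents:
        inc["sources"] = sorted({r["source"] for r in inc["records"]})
        inc["max_severity"] = max(r["severity"] for r in inc["records"])
        inc["priority"] = inc["max_severity"] + 2 * (len(inc["sources"]) - 1)   # +2 per extra corroborating tool
    return sorted(incidents, key=lambda i: i["priority"], reverse=True)


def stale_unacknowledged(records, now, min_severity=8, max_age=timedelta(days=7)):
    """High-severity alerts nobody has acknowledged within max_age: the HSE failure mode."""
    return [r for r in records
            if not r["acked"] and r["severity"] >= min_severity and now - r["ts"] > max_age]


def run(now=None):
    """Normalise, correlate and age-check the constructed sample; returns (records, incidents, stale)."""
    recs = normalise(AV_ALERTS, EDR_EVENTS, NET_ALERTS, ASSETS)
    now = now or datetime(2021, 7, 1, tzinfo=timezone.utc)   # constructed "today" for the age check
    return recs, correlate(recs), stale_unacknowledged(recs, now)


if __name__ == "__main__":
    recs, incidents, stale = run()
    for inc in incidents:
        print(f"{inc['host']:<14} priority={inc['priority']:>2} sources={','.join(inc['sources'])} "
              f"events={len(inc['records'])} span={(inc['last'] - inc['first']).seconds}s")
    print(f"{len(stale)} high-severity alerts unacknowledged for more than 7 days")
```

On the sample, the workstation that appears in all three tools outranks the file server whose single EDR event carries the highest raw severity; that ordering is only possible once the three schemas have been reconciled, including the IP-to-host lookup the network tool cannot do on its own. The `stale_unacknowledged` check is the kind of rule that would have surfaced the HSE’s unhandled antivirus events weeks before the ransomware ran.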

When real threats fly under the radar, detection and response times soar. IBM’s Cost of a Data Breach Report 2022 found that, on average, it takes organisations 277 days, more than nine months, to identify and contain a breach. This is more than enough time for threat actors to map your network, steal valuable data, and encrypt your systems. 

False Sense of Security

Former director of the Federal Bureau of Investigation (FBI) Robert Mueller famously said in 2012: “There are only two types of companies: those that have been hacked and those that will be hacked.” 

Since then, the saying has been modified somewhat to reflect our current reality: “There are two types of companies: those who know they’ve been hacked and those who don’t.” 

Although this new iteration might sound a bit extreme, the fact is that most companies have no idea their network was infiltrated until an external entity notifies them. In the case of ransomware, this is usually the attacker themselves seeking a ransom. 

Specific statistics on this are hard to find, but at least one trend supports the point: the rise of initial access brokers (IABs). IABs are hackers who breach companies and then sell that access to other bad actors. Or, as Google calls them, the “opportunistic locksmith of the security world.” 

Most companies don’t realise IABs have breached them. Nor are most aware when they’re hacked by threat actors who buy this access. Why? Because they put too much trust in their cybersecurity tools. 

They think their preventative tools will stop attacks from executing or, in the worst case, that their disjointed detection and response solutions (endpoint detection and response, network detection and response, etc.) will spot and surface attacks in real time. 

What happens more commonly is that companies think they’re safe. Meanwhile, IABs are already selling access to their corporate network. 

What Is An Effective Cybersecurity Platform? 

An effective cybersecurity platform will empower IT and security professionals, decrease the time it takes to detect and respond to an attack, and provide advanced real-time protection. 

SenseOn does all this and more. An autonomous threat detection, investigation, and response platform, SenseOn consolidates multiple tools (antivirus, EDR, NDR, security information and event management, and more) to give organisations unparalleled visibility into their entire IT environment. 

With SenseOn, security teams don’t have to switch from one monitor to another to gather context around alerts—SenseOn does this on security analysts’ behalf, correlating data across a company’s infrastructure, from endpoints to network and even the cloud. 

SenseOn not only surfaces genuine alerts but also prioritises them and maps them to the MITRE ATT&CK framework, so analysts immediately know how far along the kill chain attackers are and what to do next. And when ransomware strikes, SenseOn can deal with it on its own, cutting infected devices off from the rest of the network. 
