According to the annual ESG survey, 60% of companies said they were targeted with a ransomware attack in 2019. Not surprisingly, those organizations are looking to augment their cybersecurity tools and processes. Defense in depth has long been touted as a reliable approach to securing the enterprise, and the strategy of adding layers has led to increased security spend. Notably, “62% of organizations will increase their security spending in 2020, continuing a multi-year boom in security technology investments,” the report said.
Spending more money on security solutions doesn’t always mitigate risk. The reality is that too many layers of security tools can sometimes corrupt the overall ecosystem, leaving security teams in the dark about whether the solutions they’ve deployed are actually working.
The recently released Security Effectiveness Report from FireEye’s Mandiant found that the average enterprise has anywhere from 30 to 50 security solutions deployed; however, more than half (53%) of attackers are successfully able to infiltrate systems without detection. ZDNet’s analysis of the report’s findings said, “26% of attacks were successful but were detected, while 33% of attacks were prevented by security solutions. However, only 9% of attacks led to an alert being generated.”
We’ve–unfortunately–had far too many of these conversations with enterprises. They are drowning in alert overload from some tools while other security controls falsely report having blocked an attack when they actually failed to do so.
Decision makers confess that they have increased their security spend without alleviating a growing pain point–the third party risk. Despite having done their due diligence and vetting their third party providers, enterprises remain at risk from their supply chains. Enterprises that have invested in a robust security strategy remain at the mercy of the security strategy of their downline suppliers because trusted access is difficult when you can’t verify the true security of your partners.
According to the Verizon 2020 Data Breach Investigation Report (DBIR), ‘Secondary’ is the top motivator for attackers, right behind ‘Financial’. Why? Because, “the compromised infrastructure in Secondary incidents is not the main target, but a means to an end as part of another attack.” Unbeknownst to all those upline customers, an attacker is able to exploit an accidental error or misconfiguration and compromise the companies linked to that vendor.
Why? What is missing in the “defense in depth” that enterprises can’t detect when their third-parties have been compromised?
When security teams are challenged with how to mitigate risks, they often look to technology for solutions. Yet sometimes investing in new products can create more issues in the greater security ecosystem of their organizations without showing evidence of compromise in their network. Without true visibility into whether the tools are actually doing their jobs, it’s difficult to reexamine your security tools and investments.
Security leaders need to be able to demonstrate the effectiveness of their investments in order to justify their budgets. In order to do that, they need solutions that allow them to proactively detect and respond to the real and present threats in their environments. When evaluating the solutions in their security ecosystem, they would be wise to eliminate the redundancies that create noise and invest in those that deliver visibility into real evidence of compromise in and across their extended networks.