A survey of subscribers to the eSecurity Planet web site published this week confirms that it’s the best and worst of times for cybersecurity.
The survey finds more than half of respondents (54%) plan to increase their IT security spending this year, with 30 percent aiming to increase their spending by 10 to 20 percent or more. The survey also notes that 57 percent of respondents report their organizations plan to hire additional security staff in the next 12 months. That signals there is some welcome relief on the way for hard-pressed cybersecurity professionals. It also indicates clearly that organizations are planning to throw a lot more money at a cybersecurity problem that continues to frustrate all concerned.Recent survey: most organizations plan to increase their IT security spending this year, with 30% planning to increase by 10-20% or more. Click To Tweet
The survey finds the majority of organizations planning to increase spending were mid-sized to larger companies (69%). In contrast, 46 percent of all respondents said their cybersecurity spending will remain flat or down slightly, with 62 percent of those organizations having fewer than 100 employees.
In terms of spending priorities, network access control (NAC), web gateways and data loss prevention (DLP) top the list. Interestingly, NAC and web gateways are already among the most widely deployed security technologies, with about 54 percent of respondents already using NAC and 41 percent using web gateways. Another 20 percent of respondents indicated they plan to acquire these technologies in the next 12 months. About 35 percent of respondents have already adopted DLP tools, with another 21 percent planning to acquire them within the next year.
NAC also tops the list of security technologies that users have the most confidence in (26%), followed by DNS filtering (24%), anti-virus technology (21%) and web gateways (20%). Technologies respondents have the least confidence in are phishing simulation (24%), followed by breach and attack simulation (20%). Despite the lack of confidence in phishing simulation, however, phishing topped the list of areas where employees need training (32%), followed by DLP (28%).
Among newer offerings it would appear deception technologies are starting to gain some traction, with 13 percent planning to adopt it in the next 12 months, followed by 11 percent planning to purchase breach and attack simulation technologies. But only four percent more than the 21 percent that already have said they plan to implement security orchestration, automation and response (SOAR) platforms.When it comes to cybersecurity spending priorities, network access control (NAC), web gateways and data loss prevention (DLP) top the list. Click To Tweet
Finally, about 64 percent of respondents said they conduct penetration testing at least annually, and 60 percent conduct threat hunting exercises at the same rate. Even so, database security, advanced persistent threats (APTs), distributed denial of service (DDoS) attacks, insider threats and ransomware remain significant concerns, with a range of 27 to 38 percent of respondents expressing doubts about their preparedness for those threats.
Put it all together and it’s apparent the number of tools organizations are employing to maintain cybersecurity has never been more diverse. The tradeoff is that with each new tool the organizational overhead associated with achieving and maintaining cybersecurity increases. At some point in the near future, consolidation across the cybersecurity sector will start to accelerate even more than it already has. The challenge now is determining which of the vendors that make up that ecosystem has the financial and technical expertise needed to stand that test of time.
Barracuda Total Email Protection combines Barracuda's complete email protection portfolio in a single bundle that is easy to buy, implement, and use. Get started here.
Mike Vizard has covered IT for more than 25 years and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb, and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.