Despite heavy investment in security tools, businesses throughout the world are struggling to deal with cyber threats, new research from NETSCOUT suggests.
Offering direct insights into the security and operational challenges facing service providers and enterprise network operators, the report unearthed a clear and urgent need for companies to simplify operational security processes to tackle mounting threats, with 92% of respondents stating they sought to reduce complexity.
Other findings showed that resourcing challenges are fuelling a surge in outsourced services, while security concerns are holding back cloud migration.
Darren Anstee, CTO, security, NETSCOUT: “Our research reveals that the average enterprise has 22 security tools in place — and — anecdotally we know that some have far more. Businesses have invested in new tools and technologies to deal with new threats, but this hasn’t resulted in a reduction in risk. A complex security stack can lead to an inconsistent picture of what is really going on, slowing down operational processes and reducing the effectiveness of security personnel, whilst creating gaps for attackers to exploit. As a result, companies are waking up to the fact that they need a well-integrated security stack and a consistent view across their virtual, physical and cloud resources.”
IT skills gap, innovation and Brexit: The future of outsourcing in 2019
How will the uncertainty around Brexit, the skills gap and the non-stop demand for innovation impact outsourcing in 2019? Read here
The cyber security skills shortage
Operational challenges are further compounded by difficulty in hiring and retaining skilled personnel, which, together with lack of headcount or resources, were cited as the top challenges faced by security leaders.
The findings show that this is driving an increased reliance on outsourced services, with approximately a third of enterprises outsourcing at least a part of their security operation, up 12% from 2017. This trend looks set to continue for the foreseeable future, with 39% of respondents stating they expect to increase their investment in outsourced services in the next 12 months.
“In leaning on outsourced security professionals, businesses are identifying the short-falls of their internal processes and capabilities and are moving to address risk in the only way they can,” added Anstee. “There is nothing wrong with this strategy, as long as businesses are clear that they still own the underlying risk.”
Recruiting in the age of the cyber security skills gap: challenges to overcome
The cyber security skills gap is nothing new. So, what can be done to bridge it? Read here
Cyber threats are evolving
Adding to the challenge facing organisations is an evolution in DDoS attack size, with 91% of companies experiencing an attack indicating that their internet connectivity was saturated on at least one occasion. These kinds of threats are hindering digital transformation, with 61% of respondents stating that security concerns are creating a barrier to cloud adoption.
With businesses observing a threefold increase in DDoS attacks against SaaS services, and attacks against third-party data centres and cloud services up by 23%, it is clear that hackers are evolving their tactics to target evolving IT infrastructures. Service providers are also seeing attacks against cloud infrastructure increase, although around a quarter admitted to not knowing whether they had seen or were subject to attacks.
“Pretty much every business is either adopting or looking at adopting cloud, in one way or another,” continued Anstee. “DDoS attacks represent the number one external threat to the availability of cloud services. Having no ability to monitor for such attacks, or not being concerned, strikes us as a lesson waiting to be learned.”
However, progress is being made with the widespread adoption of specialised DDoS migration strategies, including cloud-based services and multi-layered solutions. Enterprises expressed a growing awareness of the damage which DDoS attacks can have on business activities, with nearly 90% of organisations now assessing DDoS risks on a recurring basis, either from an IT or business perspective.