CISOs and other IT leaders know that today’s cyberthreats demand a full investment in security, but the road to achieving that goal is often littered with challenges. A report released on Monday from security provider BlackFog looks at the security obstacles facing many organizations.
SEE: Mobile device security policy (TechRepublic Premium)
Based on a September 2022 survey conducted by Sapio Research, BlackFog’s new report contains feedback from 405 IT decision makers at companies with more than 500 employees across the U.S. and the U.K.
What are the biggest challenges to cybersecurity adoption?
Lack of necessary skills
Asked to name the biggest hurdles in adopting the right type of cybersecurity, 32% of the respondents pointed to a lack of internal skills needed to set up and deploy a new product. Some 50% of those surveyed said that they’d been prevented from adopting a new security tool because of integration issues or challenges with their existing legacy infrastructure.
The number of security products
A huge part of the problem is the sheer proliferation of security products. Among the respondents, 28% said they use anywhere from 1 to 10 products, while 26% use anywhere from 11 to 20 products, 22% use 21 to 30 products and 22% revealed that they use more than 31 security tools.
Lack of the necessary budget
Budget constraints are another impediment, not just limiting what IT and security staffers are able to do but affecting job satisfaction.
SEE: CISOs, boards not always on the same page (TechRepublic)
Almost a quarter of the CISOs and security decision makers polled (22%) said they would consider leaving their current job due to a lack of the necessary budget for the latest security technology. The same percentage also stated that getting additional funding to implement the right technology was one of their major priorities for the next six months.
What can CISOs do to surmount some of these obstacles?
Invest in next-generation security tools after an audit
“One of the biggest challenges when it comes to adopting new security practices is conducting a proper audit of the tools you are currently using,” BlackFog CEO and founder Darren Williams told TechRepublic. “IT departments and professionals tend to just add to their existing stack, often replicating tools they already have in use, even though many of them aren’t built to solve today’s cybersecurity challenges.”
One example of product proliferation cited by Williams is the ongoing purchase of additional antivirus solutions. These kinds of legacy products are often already built into the operating system and can be more effective than the commercial ones that require a fee. Instead of adding more of the same technologies, CISOs should invest in next-generation tools that have been built specifically to handle today’s security threats, according to Williams.
Consider alternative and affordable ways to adapt to the skills shortage
“The skills shortage is a real problem in cybersecurity, and many companies can simply not afford the personnel they need,” Williams said. “There are now many new services that allow companies to engage with a virtual CISO to help fill this void, a solution that enables companies to get qualified people at a fractional cost only when they need it.”
With a virtual CISO, as Williams suggested, an organization outsources the role of the CISO to an external provider or contractor who analyzes the IT and cybersecurity needs of the company and makes decisions to help steer them in the right direction. A virtual CISO can be of particular value to small and midsize companies that may not need a full-time employee to handle this role.
“There are plenty of solutions available to help companies optimize their spending and get the maximum potential with little to no additional expenditure,” Williams added.
CISOs, save your team from creating a tech audit checklist or a budget planning tool -– TechRepublic Premium has you covered.
