As global security concerns mount, it’s time for platform-based security
The security vendor community is often criticised for over-hyping the cyber threat to organisations in order to sell more products. While there may sometimes be a kernel of truth to these allegations, a new report from the World Economic Forum (WEF) paints an arguably more alarming picture still. Nearly all (93%) cyber and most (86%) business leaders polled for the report believe global geopolitical instability will “moderately or very likely” lead to a “catastrophic cyber event” in the next two years.
Behind the headlines, there are other concerning themes: of mounting skills shortages, a propensity for knee-jerk technology investments, and a continued lack of mutual understanding between cyber and board leaders. Platform-based security is not a panacea. But it could help to bridge some of these gaps.
What the WEF found
The Global Cybersecurity Outlook 2023 report was rigorously compiled from multiple interview rounds with business and cybersecurity leaders from some of the world’s biggest organisations, alongside the output of WEF workshops and data from other WEF and third-party reports. It presents a comprehensive picture of where we are now, and where business concerns are greatest.
Among the key findings are:
- Business disruption and reputational damage were respondents top two concerns
- 43% of respondents believe that a cyber-attack will “materially affect” their organisation. This has meant more investment in “day-to-day defences” rather than strategic purchases
- Business executives are realising that supply chain security influences their own organisation’s cyber risk profile
- Large digital transformation projects built on legacy foundations can add complexity and therefore cyber risk
- Cyber and business leaders are starting to recognise regulations and laws as an effective driver for reducing cyber risk
- 56% of security leaders now meet monthly or more often with their board, but much more needs to be done to close the communication gap
- While cyber leaders must get better at speaking the language of business, the C-suite needs to accept more accountability for operational cyber requirements, to enhance overall security posture
- Cybersecurity talent recruitment and retention remains a significant challenge. A third of respondents say there are training and skills gaps and less than half say they have sufficient skills
Time to listen
This might all sound like common sense. But these are important messages, especially coming from an authoritative source like the WEF. An issue highlighted in depth in the report is one that really cuts to the heart of the challenge facing the cybersecurity industry. As per the report introduction:
“Hearing is not the same as listening. The significance of cyber risk has certainly been heard in C-suites and boardrooms. Whether cyber leaders and business leaders understand each other well enough to meet this challenge is, on the other hand, an open question.”
If indeed they did listen rather than hear, the C-suite would understand that security leaders need technology designed to get the most out of their stretched teams. Technology designed to mitigate the risk of business disruption and reputational damage, and that stemming from digital transformation and supply chains, as highlighted in the report. They would also recognise that security investments should always be strategic, not tactical and piecemeal.
This is where a platform-based approach to security offers a glimpse into the future. By consolidating on a single security platform, organisations can eliminate the security gaps and wasteful, reactive spending that characterises point solutions. They can make the most of their IT and security teams, by giving them fewer interfaces and tools to manage. And they can utilise automation and intelligence to continually detect, prioritise and mitigate risk across the growing attack surface.
As business and security leaders continue to converge in their understanding of cyber risk, they will increasingly agree that platforms like Trend One offer the best way to manage that risk.