The ‘Got a problem? Buy a box’ approach is now working against us.
Businesses are facing the challenge of having a patchwork quilt of old and new technologies, with a significant amount of legacy IT, and multiple security vendor solutions.
We have tried to solve the problem of cybersecurity by throwing unconnected technology at the problem, without a clear strategy in mind.
This creates gaps, management headaches and inefficiencies that attackers can exploit.
Each new solution comes with another management interface. Each new solution demands human resources, management hours to set up, set policy, respond to alerts and its not always clear whether the extra security outcome you gain is worth all the extra effort you are putting into managing that solution - rather than focusing on bigger problems elsewhere.
You may have added complexity without much overall incremental effectiveness.
This situation isn’t helped by the fact that security is still seen as primarily an ‘IT issue’. According to the Cisco Security Benchmarks Study, UK organisations don’t strongly agree (as much as other countries) that line of business managers are engaged with security.
This is a real issue, because it often means that security often gets “bolted on” rather than embedded in a company’s ecosystem. The attitude in the UK is, overwhelmingly, “Security is IT’s problem”.
Making do with a solution becomes a hindrance in the long run, when security is actually a huge business enabler when done right.
Cutting corners creates more work.