For HomeFor BusinessFor Partners
Business Insights
4 min read

Forrester: Cybersecurity Requires the Right Tools, Not More Tools

Filip Truta

September 30, 2019

Forrester: Cybersecurity Requires the Right Tools, Not More Tools

The disparity of technologies that enterprises use to secure their IT infrastructures don’t provide a complete, real-time view of cybersecurity risk, a Forrester survey reveals. The research also shows the abundance of deployed tools leads to a false sense of confidence.

64% of companies are making it a high priority to implement a risk framework aligning cybersecurity risk and enterprise risk, according to the survey of 250 senior security decision-makers. Most companies use multiple technologies to identify and mitigate enterprise risk, including security analytics, vulnerability management, governance, risk, and compliance (GRC), as well as vendor risk management platforms.

“Increasing the number of security technologies doesn’t translate to improved security, however … The abundance of technology investments gives firms a false sense of confidence in their security posture,” the report says.

Almost every respondent reported challenges with existing tools, including manual reporting, an incomplete view of asset inventory and controls, and the insufficient visibility inherent to point-in-time solutions.

Asked to name the technologies used to identify and understand enterprise risk, respondents said:

  • Security and analytics platform (83%)
  • Security information and event management (SIEM) technology (80%)
  • Vulnerability management technology (70%)
  • Governance, risk and compliance (GRC) platform (64%)
  • Vendor risk management technology (61%)
  • Third party risk intelligence feeds (57%)

While companies report confidence in their security management efforts, their challenges paint a different picture.

86% are confident they have no gaps in the disparate security controls deployed across devices, applications, people and data. And 78% say they take a centralized approach to risk management across their organizations.

“If true, this means they have a common risk taxonomy across the organization, manage technologies centrally, and aggregate and share risk data across business units,” Forrester researcher wrote. “The menagerie of disjointed technologies makes it difficult to aggregate risk data for reporting, often requiring manual effort. This, in turn, hinders them from having insight into their overall risk posture.”

Researchers found gaps between the challenges companies face with cybersecurity.

“In fact, challenges companies are experiencing indicate a gap in perception versus reality,” they said.

Asked to name those challenges, respondents pointed to:

  • Controlling coverage gaps across security functions (56%)
  • Viewing a comprehensive list of assets across the organization (43%)
  • Collecting, normalizing, aggregating, deduplicating and correlating disparate data (39%)
  • Tracking which assets and controls do not meet regulatory and compliance policies (39%)
  • Determining the effectiveness of security controls (38%)
  • Getting a real-time view of corporate risks (37%)
  • Tracking performance of security controls over time (37%)

Companies are therefore increasing their risk of a data breach. The report concludes that, as technology investments provide a false sense of confidence, security leaders must understand that a strong cybersecurity posture means the right tools -- not more tools.

tags

Business Insights

Author

Filip Truta

Filip Truta

Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.

View all posts

Right now Top posts

5 Approaches to Counter a Cybercriminal’s Growing Arsenal
Enterprise Security Threat Research

5 Approaches to Counter a Cybercriminal’s Growing Arsenal

November 06, 2024

Bitdefender Threat Debrief | October 2024
Enterprise Security Ransomware Bitdefender Threat Debrief

Bitdefender Threat Debrief | October 2024

October 10, 2024

Meow, Meow Leaks, and the Chaos of Ransomware Attribution
Enterprise Security Ransomware Threat Research Threat Intelligence

Meow, Meow Leaks, and the Chaos of Ransomware Attribution

September 29, 2024

Understanding the Roles in the Ransomware-as-a-Service Ecosystem: Who’s Targeting Your Data Security Gaps
Enterprise Security Ransomware Threat Intelligence

Understanding the Roles in the Ransomware-as-a-Service Ecosystem: Who’s Targeting Your Data Security Gaps

September 19, 2024

FOLLOW US ON SOCIAL MEDIA

SUBSCRIBE TO OUR NEWSLETTER

Don’t miss out on exclusive content and exciting announcements!

You might also like

5 Approaches to Counter a Cybercriminal’s Growing Arsenal
Enterprise Security Threat Research

5 Approaches to Counter a Cybercriminal’s Growing Arsenal
Marcos Colón

November 06, 2024

AI in Cybersecurity: Can Automation Alone Secure Your Organization?
Enterprise Security Endpoint Protection & Management Managed Detection and Response

AI in Cybersecurity: Can Automation Alone Secure Your Organization?
Paul Lupo

October 31, 2024

Critical Edge Network Devices: Patching Vulnerabilities to Block Ransomware
Enterprise Security Ransomware Endpoint Detection and Response

Critical Edge Network Devices: Patching Vulnerabilities to Block Ransomware
Josue Ledesma

October 29, 2024

Bookmarks

loader