The more cybersecurity tools an enterprise deploys, the less effective their defense is

New research highlights how throwing money indiscriminately at security doesn’t guarantee results.
Written by Charlie Osborne, Contributing Writer

The enterprise is slowly improving its response to cybersecurity incidents, but in the same breath, it is still investing in too many tools that can actually reduce the effectiveness of defense. 

On Tuesday, IBM released the results of a global survey, conducted by the Ponemon Institute and featuring responses from over 3,400 security and IT staff worldwide. The research suggests that while investment and planning are on the rise, effectiveness is not improving at the same pace, with response efforts hindered by complexity caused by fragmented toolsets.

The research, IBM's fifth annual Cyber Resilient Organization Report, says that while organizations are improving in cyberattack planning, detection, and response, their ability to contain an active threat has declined by 13%. 


On average, enterprises deploy 45 cybersecurity-related tools on their networks. The widespread use of too many tools may contribute to an inability not only to detect, but also to defend against active attacks. Enterprises that deploy over 50 tools ranked themselves 8% lower in their ability to detect threats, and 7% lower in their defensive capabilities, than other companies employing fewer toolsets.

It does appear that the enterprise cybersecurity scene is reaching a new level of maturity, however, with 26% of respondents saying that their organizations have now adopted formal, company-wide Cyber Security Incident Response Plans (CSIRPs), an increase from 18% five years ago.

In total, however, 74% of respondents said their cybersecurity planning posture still leaves much to be desired, with no plans, ad-hoc plans, or inconsistency still a thorn in the side of IT staff. In addition, among those who have adopted a response plan, only a third have created a playbook for common attack types to watch out for during daily operations. 


"Since different breeds of attack require unique response techniques, having pre-defined playbooks provides organizations with consistent and repeatable action plans for the most common attacks they are likely to face," the report notes. 

According to IBM, a lack of planning and incident response testing can lead to a damages bill up to $1.2 million higher than a cyberattack would have otherwise cost a victim company. 

The cost can be high in terms of disruption, too: only 39% of enterprises with a CSIRP in place have experienced a severely disruptive attack in the past two years, compared to 62% of those which did not implement any form of plan.


In light of the COVID-19 pandemic and the rapid changes many of us have experienced in our workplaces, CSIRP setups need to be reviewed and, if need be, changed to adapt to the working-from-home environment. However, only 7% of respondents review these plans quarterly, and 40% have no time period set whatsoever for reviews.

"With business operations changing rapidly due to an increasingly remote workforce, and new attack techniques constantly being introduced, this data suggests that many businesses are relying on outdated response plans which don't reflect the current threat and business landscape," IBM added. 
