November 9, 2021
If your organization is struggling to keep up with proliferating cyber threats, you’re not alone.
According to the 2021 Security Priorities Study, conducted by tech media company IDG, nine out of 10 IT and security leaders believe their organization is failing to keep pace with the evolving cyber landscape. In response, they’re pushing their respective companies to increase their cybersecurity budgets and allocate spending to address the biggest gaps.
For the most part, organizational leaders seem to be listening. According to survey respondents, the average small-to-medium business plans to double its cyber spending over the next 12 months, from an average of $5.5 million a year to $11 million.
But where will the extra money go? According to the survey, most companies will use it to strengthen three core areas:
According to the report, 44% of security incidents in 2021 were the result of a weak human firewall: employees who unintentionally facilitated a cyber breach by falling victim to such things as phishing scams. In 27% of cases, unpatched software was to blame, while misconfigured services or systems accounted for 26%.
Given that the vast majority of workplaces were still remote in 2021, this trend makes sense. Home offices simply don’t offer the same protection as the traditional in-office setup—there’s no one to consult if you get a suspicious email, and it’s easier to overlook a critical software update. Even within traditional in-office setups, phishing emails are becoming more sophisticated, making it easier for individuals to click on them unknowingly if they don’t know what to look for.
To overcome these risks, a growing number of organizations plan to bolster spending in employee security and awareness training. This type of training can not only help employees identify red flags when opening emails, but educate them on the importance of locking computers when they step away, implementing multifactor authentication requirements, avoiding unsecured networks and using strong passwords.
When a cyber breach occurs, it can quickly spread to your high-value systems—that is, unless you take steps to strengthen the divisions between these systems.
In 2022, many organizations plan to do just that. They recognize that, at this stage in the game, a breach is all but certain to happen. However, if you take steps to contain it, the damage can be dramatically reduced.
Not only are companies allocating more of their cyber budgets to thoroughly map the potential spread of a breach—and flag pertinent infrastructure vulnerabilities—but they’re also investing in new security tools, like zero trust. According to the IDG survey, 52% of respondents plan to research or pilot zero trust technology in 2022. Zero trust is a security tool that essentially replaces implicit trust of elements, nodes and services with stringent authentication and authorization processes.
As cyber threats become more prevalent and complex, they’re exceeding the capabilities of internal IT departments, causing 49% to consider outsourcing some of their security functions (and 13% to outsource all their IT security functions over the next 12 months).
In most cases, this investment will seek to strengthen existing outsourcing efforts. Today, 38% of companies already rely on third-party vendors to conduct evaluation services (e.g., penetration testing, risk assessments and security audits), while 33% outsource network monitoring efforts, endpoint and cloud, and security analytics. Companies plan to add to this over the next 12 months through things like behaviour monitoring and analysis (29%).
If you’ve decided to enhance your cyber posture in 2022 and beyond, MNP can help. Our multidisciplinary team has the skills, expertise and experience to support you on your journey—however far along you may be. From vulnerability and cyber risk exposure assessments, to strategic and tactical planning support, we’re here for you every step of the way.
Want to learn more or to find a trusted cyber advisor? Reach out to us — we would be happy to chat.