Are You Experiencing Cybersecurity Tool Fatigue?
According to global tech market advisory firm ABI Research, spending on cybersecurity for infrastructure will reach nearly $106 billion this year, an increase of about $9 billion over last year.
Referring to the SolarWinds hack, Michela Menting, Digital Security Research Director at ABI Research, said that “the implications for national security are significant, and critical infrastructure operators and governments worldwide are now re-evaluating and re-assessing the risks as they relate to remote management.”
The report further said that “the brunt of security spending is still first and foremost focused on IT networks, systems, and data security from a defensive perspective.”
But there’s a question that needs to be asked about these huge expenditures: how effective will they be?
It’s common for companies to buy security tools like antivirus, encryption, packet sniffers, firewalls, penetration testers, endpoint protection, and so on. There’s a lot of “stuff” out there to help protect your network, data, and users, and the belief is that more security “stuff” is better.
When Reality Sets In
The reality is usually far different, however. These tools often work in isolation, not sharing their data and information with other tools on where the threats are. And it’s not unusual for organizations to buy tools to respond to a specific kind of threat like ransomware or DDoS attacks. This becomes a problem in itself: one survey reported that 24% of companies hadn’t even implemented all the tools they’d bought, due to a lack of time and resources.
And in fact, having all those tools set up and working causes its own problems, as the management of half a dozen security tools is a full-time job in itself. This is part of a larger issue, too, as there’s a lack of qualified security professionals to go around. So even if you have the tools, you may not have the right personnel to take advantage of them.
These challenges will only get worse going forward. With the explosion of cloud computing that was accelerated by the pandemic, systems, data, and workers are more distributed than ever, exponentially increasing the attack surface.
Is the picture dark enough for you yet? If so, you’re now seeing things properly. It’s obvious that more security tools aren’t the answer, as complexity like this is the enemy of good security.
What’s needed is an integrated security solution that simplifies security and provides holistic protection across the infrastructure. Acronis, for example, focuses on just this issue of security tool fatigue with “Cyber Protect,” which they tout as modern cybersecurity and backup with integrated cyber protection.
Cyber Protect, which you can see in Figure 1, is an integrated suite in which all the moving parts talk to each other, providing the visibility and insight necessary to thwart attacks and react before things get out of hand on your network.
For example, the integration of antimalware and backup software provides automatic recovery of data corrupted by a ransomware attack–they aren’t separate products, in which the other isn’t aware of what’s going on.
This integration leads to big time-savings in a practical way for admins, as chores like updating and patching servers, maintaining license compliance, and setting policies is dramatically streamlined.
On top of that, Acronis uses artificial intelligence to power its threat detection, automating a process that can quickly lead to alert fatigue for admins monitoring their systems the old-fashioned, manual way.
The Future of Cybersecurity
For my money, this is the future of cybersecurity. There’s just too much to track, and it’s spread over too great a distance, to implement and manage with a mishmash of security tools. The cybercriminals can and will find every weakness you’ve got, and are using their own automated tools to do it.
To fight back, you don’t need more tools—you need a more comprehensive solution that leverages the most cutting-edge technology and as much automation as possible to keep on top of it all and be proactive, rather than reactive.