Cybersecurity budgets are up but aren't being well spent

New research from cloud platform Fastly shows that while enterprises are increasing their cybersecurity spending they're not making the most of their investments.

While 73 percent of organizations worldwide are increasing their cybersecurity spending to protect themselves against future risks, IT leaders are investing poorly with only 61 percent of their cybersecurity tools fully active or deployed.

In the US, only 67 percent of cybersecurity tools are fully deployed. Similarly, due to a scattergun approach to cybersecurity implementation, 42 percent of security tools overlap, protecting organizations against the same threats. And, when these tools do run, they often suffer from too many false positives. For example, 38 percent of alerts detected by organizations' Web Application Firewalls (WAFs) are false positives.

Sean Leach, chief product architect at Fastly says, "These stats paint a picture of cybersecurity strategies fueled by fear. Businesses are well aware of the dire repercussions of cybersecurity failure and, as a result, are looking to increase their security budgets. However, this increased spend is rarely driven by a key strategic goal. This means businesses often end up with solutions that aren't fit for purpose and, in many cases, they run these tools in log-only mode for an extended period of time, which offers absolutely no protection."

As part of the research IT leaders were also asked to predict the biggest threats to their organization in the next 12 months. 32 percent highlight data breaches and data loss, 29 percent malware and 26 percent phishing as their key areas for concern.

Securing remote workers is also a worry, 46 percent of IT leaders predict that cyberattacks on remote workers will drive cybersecurity threats over the next twelve months, and more than a third (38 percent) have made protecting the new hybrid workforce their main priority for the coming year.

"If businesses get the fundamentals of cybersecurity right -- such as non-SMS based two-factor authentication, rigid authorization rules, rate limiting to control sent or received requests when needed, and comprehensive security training across all parts of the organization -- they are able to defend against the majority of the most common threats, particularly potential data breaches," adds Leach. "These basic steps go a long way to preventing severe financial and data losses and should be priorities for all businesses, regardless of size. This approach also resolves the question of what to do with remote workers. By adopting these measures, an individual employee’s location no longer matters for your business' cybersecurity posture, meaning there is no need for concern around remote work. After all, hybrid work is here to stay, so businesses should be prepared to embrace it."

The full report along with fundamental steps that organizations can take to improve their cybersecurity posture, removing unnecessary complexity in the process, is available on the Fastly site.

Photo Credit: fotoscool/Shutterstock