In Panaseer’s first Security Leader’s Peer Report, a survey of 200 enterprise security leaders was conducted.
The report revealed that 89% of security leaders are struggling with insight into trusted data and visibility, with 31% raising concerns that a lack of visibility will impact their ability to adhere to regulations.
The report identified that 16.5% of security leaders had the least confidence in phishing and user awareness testing, followed by endpoint management (14.5%), identity and access management (14.5%), privileged access management (13%) and vulnerability management (12%). Only 9.5% stated they were confident in all security areas.
It was found that enterprise security teams manage an average of 57.1% discreet security tools with over a quarter (26.5%) claiming to run 76+ security tools across their organisation. However “visibility challenges are exacerbated by the sheer number of security tools in use”. There is a common misconception that investing in more security tools will lead to better visibility; unfortunately this is not the case.
“Tool overload can hinder visibility, especially if the organisation has no way to gain centralised insight for its tool.”
Nik Whitfield, CEO, Panaseer said:
“Ultimately we are buying tools and not switching them on, because we lack visibility across security controls and technical assets. Buying more tools does not equate to enhanced security. Ironically in many cases they impair visibility and cause bigger headaches as they often integrate poorly, have overlapping functionality and gaps in coverage.”
The report discusses how within organisations there is a requirement to report on security projects and initiatives to highlight progress and indicate return on investment which in turn helps overcome visibility issues. However this has become a “pain-point” for security leaders as security teams are forced to spend valuable time on producing reports manually, to which 36.26% of the respondents have indicated.
Charaka Goonatilake, CTO for Panaseer told Infosecurity:
“Instead of deploying scarce cyber-experts to improve security in the business, they’re wasting their talents on manually constructing reports in an attempt to provide visibility into security posture.”
Nik Whitfield added:
“Manual reporting creates a huge overhead for the business. It also means that during a cyber skills shortage, we have specialist staff wasted doing very basic work. Manual reports are so prone to error, as they can only give a single snapshot in time and are then out of date almost immediately. Automation is an opportunity to enable greater speed, error reduction and crucially enhanced visibility.”
Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.
Reserve your place today and gain access to the entire event free of charge. With all sessions available to view live or on-demand, you can build a personalised agenda based on your key focus topics and make the event fit around your work schedule.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.