There’s no doubt about it – the cybersecurity space is white hot right now. New technologies, new ways of working and growing data volumes all bring security risks, and understanding and managing them is top of mind for IT departments and business leaders. However, when a sector becomes so hot, a vendor gold rush ensues and organisations face a bewildering number of choices when it comes to deciding what to buy and how best to protect their assets.
Gartner predicts that the cybersecurity market will hit $101bn in 2018 and niche solution providers are entering the market every week with compelling reasons to purchase their products. This level of growth makes it increasingly difficult for organisations to cut through the complexity and confusion, and make the right decision when choosing how and when to spend budget on a new security technology and service.
Security fatigue is also becoming a genuine problem. Our industry is now full of acronyms and jargon, which makes it easy for business leaders to feel anxious about what they don’t know and what they fear their organisation might need. The technology press and the vendor community amplify the hype around these terms, causing some companies to impulse-buy quick fixes to deal with previously unknown security threats.
Jargon and buzzwords should have no impact on well-planned and well-executed security programmes. Careful planning and placing trust in proactive security programmes will keep businesses focused on the real risks they face and reduce the likelihood of being distracted by the next new thing. Rather than following vendor hype and market noise, it would be wise to understand the business risks and then spend time looking at what to do with existing policies, processes and technologies. Organisations can then define solutions for risks that haven’t been mitigated, which could be technology, process or education.
What’s also needed is sound, sensible advice from trusted partners who can listen to an organisation’s specific challenges and create the optimum solution in line with the business and the resources available.
Dudu Mimran, CTO of Deutsche Telekom Innovation Laboratories (also of the Cyber Security Research Center at Israel’s Ben-Gurion University), said there’s also an oversupply of solutions, which confuses CSOs. “The current situation with security vendors vs customers is tricky. There is an oversupply where there are dozens of startups and companies providing different solutions based on different concepts for the same problems, which makes the CSOs very confused as to how to build their security stack and concept.