Dec 06, 2021
New Survey: Cyber Professionals Lack Visibility and Speed for Effective Threat Management
PwC’s annual cybersecurity survey of more than 3,000 security, business and IT executives worldwide reports some familiar concerns about visibility, complexity and board engagement.By Joe Nocera, Cyber & Privacy Innovation Institute Leader, PwC US and Oliver Cronk, Chief Architect, Tanium
Is it time for a change of direction? When it comes to IT threat management, cyber professionals all around the world face the same challenges. Despite spending more on their organizations’ cybersecurity, they are struggling to keep pace with the advanced threats, particularly as the size and breadth of what needs protecting continues to grow.
PwC’s 2022 Global Digital Trust Insights Survey underlines this point. More than two-thirds of organizations (69%) expect their cyber budgets to increase in 2022, including 26% that expect to spend more than 10% more. While some progress is being made, 75% of executives also report too much complexity in their technology, data and operating environments.
The risk of blind spots
This complexity continues to bring real problems concerning visibility. Many executives worry about significant blind spots as they survey their organizations both internally and externally. For example, 25% concede they have little or no understanding of the risks posed by third parties and the extended supply chain.
It is a problem that Tanium, a PwC joint business relationship provider since 2013, recognizes all too well. Without the real-time visibility and control that organizations get when they approach cybersecurity through an integrated platform, their experience is fractured. The result is that it takes too long to identify threats of malicious activity, let alone to remediate them.
Cyber professionals naturally urge organizations to close these gaps. However, the unpalatable truth is that these issues will persist and become more pressing. As an organization’s vulnerabilities grow — through connected devices, say, remote working or new supply chain partners — so too will the risk of blind spots and unmitigated risk. The case for integration becomes ever more pressing.
Gaining comprehensive endpoint visibility and truth
The conversation needs to shift. Endlessly plugging in new tools and updating protocols may lead to a fruitless game of ‘whack-a-mole.’ What organizations need is a single platform that provides comprehensive endpoint visibility and the ability to take immediate control of any part of the network — a means with which to wrestle power back. This is what Tanium’s integrated solution aims to provide: clear line of sight visibility and immediate control.
This approach to cybersecurity offers an additional advantage — the prospect of improved data collection, reporting and engagement.
Reporting risk to the C-suite
Another problem uncovered by PwC’s report is the need to close potential disconnects between the cyber function and their organizations’ senior leadership teams. While some of the CEOs surveyed regard themselves as more engaged, the non-CEO executives see their CEO involved only at a time of crisis. However, both sides see cybersecurity’s mission shifting to developing trust and supporting business growth; 54% frame the challenge as going beyond cyber defense and controls.
At the root of these difficulties is the struggle that cyber leaders often have to articulate what they have achieved in terms that resonate with CEOs and the rest of the board. They need a single source of the truth on where the organization stands on cyber — and the progress it has made.
They need a means with which to tell that story more effectively, as well as to set out the narrative on how risk is assessed and prioritized, and how spending is becoming more strategically focused. Again, integration can provide the solution — offering a single read-out of the organization’s current status.
Advanced organizations are getting better at achieving these goals. PwC’s study concludes that the most improved organizations are five times more likely to have streamlined all operations across the enterprise. Working with PwC and Tanium, there is an opportunity for many more organizations to realize such benefits.
It is a glimpse of what can be achieved when cyber begins to find ways to focus on the bigger picture as well as their organizations’ granularity. What cyber leaders need is a unified threat management platform that provides that picture, and the ability to focus in on the details.
Complexity isn’t going to disappear; the key is to be able to see it, act upon it and explain that process in a language that engages the board.
Does any of the above resonate with you? Connect with PwC to learn how to address these challenges and apply best practices in your organization.
You can also learn more about how Tanium’s solutions can help solve these challenges.