A fragmented cybersecurity landscape is weakening your defences, research suggests

Thought you were doing everything right when it came to cybersecurity? Then I have bad news. A fragmented cybersecurity vendor landscape is “exacerbating risks and compounding skills shortages” for those organisations following best-practice guidelines for cybersecurity, according to a report from automated threat detection and response provider SenseOn.

This appears to contradict the long-standing consensus among cybersecurity professionals that a multi-layered defensive stance is the way to go. And just to add to the confusion, the latest research from SenseOn suggests that this position is still strong.

Let’s dig into the figures.

The survey of 250 security and IT professionals found that 76% subscribed to the “more is best” security strategy. The problems emerge when looking at the time it takes those same organisations to onboard new security solutions. On average, that’s just under two-and-half months, when you take both integration and training into account.

Further contradictions enter the equation as more than 60% of those asked also agreed that third-party risk is a primary challenge to their organisation’s security. What’s going on?

The SenseOn take on fragmented cybersecurity

“The tools they are purchasing are expensive, time-consuming to launch, and are not built to integrate with each other,” David Atkinson, Founder and CEO of SenseOn says. He adds: “Despite spending huge amounts of time and money on them, they do not make an organisation safer – particularly when considering the justified concerns many of these leaders share regarding their supply chain risks.”

I wouldn’t go so far as Atkinson when he says that “the research supports something lots of people working in the industry already know: cybersecurity is broken.”

This appears to be based upon the notion that using multiple tools “in place of a security strategy is a huge concern.” I mean, that would be the case if organisations were operating sans security strategy, but that doesn’t resonate with my real-world view of the business of protecting businesses.

Equally, I’m not convinced that the onboarding of tools is done “at the expense of threat hunting, vulnerability scanning and security awareness training” as the report suggests.

However, it’s hard to argue against there being a kind of cybersecurity limbo when a new tool is introduced, with the time taken to properly adopt it instead of actually using it being the cause.

Stressful security

With all this in mind, it’s hardly surprising that cybersecurity is a stressful industry to be in. 95% of those queried in the SenseOn research said they believed stress was impacting staff retention. Fewer staff to implement solutions plus more time to onboard them equals less effective security overall. That’s an equation I have to agree with.

“Companies should look to solve these issues by partnering with vendors that can unify multiple security disciplines under a single unified product, which can reduce costs, blindspots, and alleviate much of the stress security teams are currently experiencing,” Atkinson concludes.

Perhaps Apple might like to enter the fray? The fragmented Android ecosystem and its impact on timely security updates was the main reason I switched to using iOS as my primary mobile platform a few years back. And I must admit that I feel both more secure and less stressed.

Related: Would you pass a Cyber Essentials audit? Here’s why hackers hope not