With cyberattacks like botnets and exploits more than doubling quarter over quarter, organizations across the globe are turning to Managed Detection and Response (MDR) to support their cybersecurity strategy. During a recent webinar, Nuspire’s Michelle Bank and Fortinet’s Jonathan Nguyen-Duy were joined by IDC’s Craig Robinson to discuss current research around top cyber threats, business priorities and cybersecurity product adoption – including MDR.
“IDC’s research and a study Nuspire conducted both show that MDR is still a highly valued cybersecurity solution,” Michelle said.
Jonathan added, “There’s a clear need for higher-level capabilities to detect and accelerate mediation. MDR not only gives you a unified bridge to collect and share information, but also includes high-order skillsets like threat hunting and incident response.”
“MDR is becoming more topical because organizations need to raise their cybersecurity maturity,” said Craig. “The topic is being talked about not just by CISOs, but at the CEO level.”
Craig provided some context to help set the stage for where we are today from a global business risk perspective. Based on IDC’s Worldwide CEO Survey, January 2022, the No. 1 risk impacting businesses according to CEOs is cyber threats and regulations. What this shows is that cybersecurity is no longer considered an IT issue, but rather, leaders understand it has implications for the entire business.
The survey also asked what CEOs considered to be the greatest risk two years from now, and cyber threats and regulations remained at the top. Another top concern was addressing new data sharing and compliance regimes.
“CISO’s responsibilities today aren’t just risk management and compliance, but also business enablement,” said Jonathan. “Security programs are now an integral element of the business itself, and organizations that don’t have the depth of skill needed to address cybersecurity challenges often leverage MDR.”
Craig added, “MDR is an important tool, but it’s not a magic bullet. It’s important for organizations to realize that having great compliance doesn’t always equate to a great cybersecurity program.”
IDC’s Worldwide CEO Survey also revealed the top priorities boards of directors are focused on. It’s no surprise that cybersecurity threats are at the top of the list.
“It’s not just cyber threats that boards are worried about,” said Craig. “It’s also about what happens during an incident. Does the organization have a clear response and communications plan and is it prepared to issue statements and press releases?”
Michelle commented that Nuspire’s research identified types of threats most concerning to CISOs, and ransomware was at the top of the list, followed closely by phishing.
“What all of this research shows is that we’re still talking about basic security measures,” said Jonathan. “We clearly have a long way to go if cyber threats are still the top issue.”
IDC’s 2021 Cybersecurity Strategy Survey, November 2021, showed a clear correlation between the size of an organization and the number of breaches it has experienced over the last three years.
“Organizations can’t hide behind their size,” said Craig. “As organizations get bigger, it means they become bigger targets.”
According to Michelle, this type of breach data is why CISOs are focusing more on prevention.
“Organizations would much rather prevent a breach before it occurs, and that’s why they’re buying MDR,” said Michelle. “MDR is about proactive threat hunting and security analytics, playing a key role in reducing the amount of security breaches.”
One of the interesting takeaways from IDC’s Future Enterprise Resiliency & Spending Survey Wave 4 was that 18% of the respondents from North America said they had no plans for additional funding directed to security products.
“I’m really concerned about that 18%, because as we saw earlier in the presentation, cyber threats are the top concern for CEOs,” said Jonathan. “With more distributed networks and added complexities, you have to continue investing in security to support your business growth.”
Another finding showed the rise of multi-factor authentication (MFA) as a high value, low cost/complexity way to raise overall cybersecurity maturity.
“MFA makes a lot of sense to invest in from a product perspective,” said Craig. “It gives you a lot of bang for the buck, and it plays an important role in acquiring cyber insurance.”
MDR was near the top of the list in IDC’s spending survey, with 27% in North America, 34% in APAC and 30% in EMEA increasing funding for the service.
“I think the reason North America is slightly lower than APAC and EMEA is that it was quicker to adopt MDR than the rest of the world,” said Craig. “I think we’ll see a leveling off point with APAC and EMEA in the near future.”
An interesting finding in the survey revealed the market is now understanding the importance of strong internal security and technical training.
“This is the first time I’ve seen security training pop to the top like this,” Craig said.
Michelle said in Nuspire’s research, security training was also a top focus, but that many respondents weren’t necessarily willing to outsource it.
“With phishing and social engineering attacks continuing to trick unwitting employees, training is becoming a bigger priority; however, what we’re seeing is that organizations are choosing to expand that capability in-house,” Michelle said.