Page 189 - Cyber Defense eMagazine March 2024
P. 189

enticing  emails  in  cleaner  grammar  and  punctuation  in  many  languages.  Smishing  is  also  rising  in
            popularity as employees use their personal mobile devices for business. In both instances, the bad actor
            wants the victim to let down their guard for just a moment and click on a link. This allows the bad actor to
            gain entry and continue the attack sequence. Organizations should ensure their employees use multi-
            factor authentication (MFA) and ongoing security awareness training to help protect themselves.



            Hybrid Cloud Security


            Sixty-four percent of respondents said they plan to have a hybrid IT model of both cloud and on-premises.
            Digital transformation initiatives have driven cloud adoption with strategies of being cloud-preferred and
            cloud-first, but there is still a need for an on-premises footprint for many organizations. Customers have
            shared  that  mission-critical  workloads  may  remain  on-premises  as  the  preferred  choice  for  data
            sovereignty requirements. Others said certain workloads have architectural limitations in the cloud or the
            resource requirements for refactoring don’t justify moving to the cloud. Whatever the reason, on-premises
            footprints will always be part of the IT estate for the majority of organizations now and into the future,
            requiring security leaders to develop a holistic approach for securing a hybrid environment.  This includes
            visibility and consistency across all environments for things like threat management, identity and access
            management, and misconfigurations.



            Vendor Consolidation

            Vendor consolidation is something that two out of three organizations will be focusing on in 2024. In years
            past, when there was a new attack vector, there would be a new category of tools to address that problem.
            Security teams wanted the best-of-breed tooling to address each new attack vector; this has resulted in
            tool sprawl, creating an operational nightmare. Customers have told us there is now a higher priority on
            solutions that are tightly integrated and solve a broad set of use cases. Being best-of-breed is a bonus,
            but not the primary driver anymore. Organizations cite overlapping capabilities in tools as one of the
            drivers that helps reduce vendors, along with simplified operations, which reduce costs and operational
            overhead.



            Third-Party Support

            One of the more interesting takeaways from the survey is that over half of respondents are either using
            or planning to use a third party to help secure their organization. Transferring a portion of the operational
            burden to a managed security service provider (MSSP) allows the organization’s security team to focus
            their efforts on more impactful and higher value projects. The areas where respondents most often say
            they are using an MSSP include email security and anti-phishing (58%), vulnerability management (52%),
            and data protection (51%). In most instances, an MSSP can manage the operational burden of a security
            control for less than the cost of a skilled full-time headcount.








            Cyber Defense eMagazine – March 2024 Edition                                                                                                                                                                                                          189
            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.
   184   185   186   187   188   189   190   191   192   193   194