Reshaping IT Security Budgets 2020 Vs 2025
The cyber threats that organisations face today are different from those of a few years ago, and different again from what they will be in 2025. The threat landscape is constantly changing, and how we defend against bad actors must also change. Most organisations are seeing an inexorable rise in the resources required to deliver cyber defence. They are also finding it challenging to obtain the skilled staff needed to provide robust security. If we are to continue to thwart cyberattacks, something needs to change. That change is starting to become clear and will be the norm for most organisations by 2025. It is the adoption of external Managed Detection & Response (MDR) capabilities coupled with strong Endpoint Protection (EDR) solutions.
Why There Is a Need for Change
While spending on cybersecurity protection solutions has risen over the last few years, even a cursory glance at IT and general news sites shows that successful cyberattacks haven't diminished. Attacks that steal a copy of an organisation's data before encrypting systems with ransomware are still depressingly common. Additionally, the methods and technology used by cybercriminals continue to grow more sophisticated, as do the social engineering techniques used to trick people into making mistakes.
The threat surface exposed to the Internet in 2023 is different from the one we protected in 2020. Remote working expanded during the lockdowns, and many organisations now find that their working models have changed forever, with hybrid and other flexible working patterns now common. This has accelerated the erosion of the concept of an internal network protected by a strong perimeter with firewalls and other edge security solutions. Those are still required as part of any cybersecurity strategy, but the world has changed, and how protection is delivered also needs to change. Zero trust techniques are seeing broad adoption as part of the solution to deliver security in the hybrid landscape.
The home working shift also saw the deployment of many endpoint devices outside of typical purchase and upgrade cycles. People needed devices to work remotely, often via home WiFi and broadband with weak security — but that's a topic for another day! The rapid adoption of cloud services and cloud-based business apps like Microsoft 365, Zoom, Slack, Box, and other line-of-business apps snowballed with home working. IT teams used cloud services to quickly expand their capacity to deliver business services and data-sharing solutions.
Over the same period, there was also an increase in the number of supply-chain connections between organisations to deliver B2B services. The ramifications of the changes due to lockdowns, and of the longer-term but no less impactful post-pandemic changes due to hybrid working, all add up to one thing for cybersecurity and IT teams: increased complexity.
What This Complexity Means for Organisations
Complexity is often the enemy of good outcomes. It certainly is in the emerging IT and cybersecurity landscape today. For organisations, it leads to increased costs to deliver their cybersecurity and manage it on a day-to-day basis to deliver the business services people need for their jobs.
One significant factor in the rising costs of delivering cybersecurity is the chronic shortage of skilled and experienced professionals in the sector. Those with the skills are in very high demand, and a competitive marketplace is chasing after them. This has driven wage inflation in the industry, making it harder for many organisations to attract and retain the talent they need.
This is a double whammy: the technology is increasingly complex, and it is harder to hire enough people who understand it to make it manageable and secure. Cybersecurity protections are also needed 24x7, and human experts are still needed as part of the protection loop, even today when machine learning monitoring systems can find and filter alerts.
A Shift in the Cybersecurity Market
Highly skilled cybersecurity professionals often end up working for dedicated managed security service providers (MSSPs). MSSPs provide the rich set of clients and projects that cyber experts like, and they can spread the costs of hiring and retaining cybersecurity professionals across multiple clients. They can also have enough staff to cover 24x7 operations and operate the multiple Security Operations Centres (SOCs) needed to build resilience into protection services. Many organisations that struggle to build an internal cybersecurity team and SOC capabilities have outsourced some or all of their network detection and response (NDR) cybersecurity requirements to an MSSP's MDR service.
This will become increasingly common up to 2025 and beyond. In fact, it will become the norm for most organisations to use an external MDR provider to monitor their networks and systems on-premises and in the cloud. MSSPs will use machine-based analysis and human experts to analyse any anomalies detected and then respond, based on an agreed incident response plan, in the way most suitable to prevent detected cyberattacks from spreading and disrupting systems.
This will drive a shift in the cybersecurity marketplace. Most organisations will partner with an MSSP for monitoring, detection, and response, with the MSSP using the NDR tools that they determine are the most effective. It's highly likely that a few large NDR solutions will dominate the market for monitoring private and cloud-based infrastructure.
Alongside the managed service protections for network, server, and cloud infrastructure will be a need for endpoint protection using EDR tools. The number of EDR solutions will probably be larger than the number of MDR platforms, but all will feed data to a central MSSP Security Information and Event Management (SIEM) system or equivalent that the MSSP uses to collate and analyse threats and responses.
Staff Awareness Training
No cybersecurity protections will ever be 100% effective. The criminals looking to breach defences are unrelenting, and people in organisations will make mistakes that provide a way to bypass security. Plus, zero-day vulnerabilities will continue to surface. Using an external MSSP does not absolve an organisation from responsibility for its data and what happens to it.
As a result, organisations will need to increase their efforts on cybersecurity awareness training for their staff at all levels. This should be frequent and ongoing rather than a one-off box-checking exercise. It's much better to prevent a cyberattack from starting (by staff spotting phishing emails, for example) than it is to stop it later and then clean up any damage. Awareness training has a big part to play in this and will be as crucial as the MSSP and EDR solutions that are in place.
Conclusion
The move to an MSSP and MDR model has already started. The move will accelerate and expand over the next few years and become most organisations' default choice. Indeed, it'll likely be unusual for an organisation to build its own NDR and EDR infrastructure in-house. And if it wants to, it'll need good reasons and arguments to back up its choice to the C-suite, insurance companies, and auditors.
As the cybersecurity landscape and how protections are delivered evolve, Renaissance will be here. Together with our partners and vendors, we'll ensure that MSSPs have the solutions to provide robust cybersecurity for organisations of any size.

