Organizations investing in security analytics and machine learning to tackle cyberthreats

IT security’s greatest inhibitor to success is contending with too much security data. To address this challenge, 47 percent of IT security professionals acknowledged their organization’s intent to acquire advanced security analytics solutions that incorporate machine learning (ML) technology within the next 12 months.

Such investments help to mitigate the risks of advanced cyberthreats missed by traditional security defenses, aiding enterprise cyberthreat hunting endeavors, according to the CyberEdge Group sixth annual Cyberthreat Defense Report (CDR).

With 1,200 IT security decision makers and practitioners participating from 17 countries, six continents, and 19 industries, CyberEdge’s CDR is the most comprehensive study of security professionals’ perceptions in the industry.

Key findings

The 2019 CDR yielded dozens of insights into the challenges IT security professionals faced in 2018 and the challenges they’ll likely continue to face for the rest of this year. Key findings include:

• Hottest security technology for 2019. Advanced security analytics tops 2019’s most wanted list not only for the security management and operations category, but also for all technologies in this year’s report.
• Machine learning garners confidence. More than 90 percent of IT security organizations have invested in ML and/or artificial intelligence (AI) technologies to combat advanced threats. More than 80 percent are already seeing a difference.
• Attack success redux. The percentage of organizations affected by a successful cyberattack ticked up this year, from 77 percent to 78 percent, despite last year’s first-ever decline.
• Caving in to ransomware. Organizations affected by successful ransomware attacks increased slightly from 55 percent to 56 percent. More concerning, the percentage of organizations that elected to pay ransoms rose considerably, from 39 percent to 45 percent, potentially fueling even more ransomware attacks in 2019.
• Container security woes. For the second year, application containers edge mobile devices as IT security’s weakest link.
• Web application firewalls rule the roost. For the second year, the web application firewall (WAF) claims the top spot as the most widely deployed app/data security technology.
• Worsening skills shortage. IT security skills shortages continued to rise, with 84 percent of organizations experiencing this problem compared to 81 percent a year ago.
• Security’s slice of the IT budget pie. On average, IT security consumes 13 percent of the overall IT budget. The average security budget is going up by 5 percent in 2019.

“Security analytics and machine learning could very well hit their stride in 2019,” said Steve Piper, CEO of CyberEdge Group.

“We surveyed our research participants on their intended cyber investments across a broad range of security technologies. Respondents identified ‘advanced security analytics with machine learning’ as the most-wanted security technology for the coming year. This makes sense, given that ‘too much data to analyze’ surpassed ‘lack of skilled personnel’ as the greatest inhibitor to IT security’s success.”

“A decade after the transformative Aurora attack, you have to start wondering how long organizations can sustain such elevated investments in cybersecurity. Beanstalks don’t grow to the sky, right?” said Mike Rothman, president of Securosis.

“Yet, the data tells another story. According to this year’s CDR report, the average security budget consumes 13 percent of the overall IT budget, up from 5 percent just two decades ago. And it continues to grow, with an average of 5 percent planned growth moving forward. Exacerbated by the critical shortage of qualified IT security personnel, there will be a continued focus on smart investment in technologies that make security more effective and efficient.”