Between 2022 and 2030, the $184.93 billion global cybersecurity market is expected to grow at a compound annual growth rate of 12%. Investments in cybersecurity solutions are a trend we’ve seen continue throughout the past decade. And although spending is up, “78% of senior IT and security leaders lack confidence in their company’s security posture,” and “nearly 80% believe their organization lacks sufficient cybersecurity protections.”
The increased tooling and insecurity in our defenses can only mean one thing: There’s a value gap between the promise and delivery of today’s security solutions. For every attack surface, there’s new technology that automates the protection of that surface. As a result, most organizations end up with hundreds of solutions knitted together to make them more secure—yet most CISOs admit they aren’t.
Is too much of a good thing making us bad at protecting ourselves? I’d argue, yes. We’re spoiled for choice with solutions to every problem, but software is only half the battle. What use is the remote control if it has no batteries or no one who knows how to use it? To solve any problem, you need to address people and processes—even before technology. Only when we optimize these areas will we be truly prepared for an attack.
Prioritize the user experience.
Let’s talk about people first. As an industry, we’ve long been guilty of focusing on the tech and letting the user figure out the rest. This is probably a contributor to why 38% of CISOs call out human behavior as their number one security concern. And it’s not just CISOs—data shows that 95% of cybersecurity breaches are caused by human error. Tooling that’s hard to use and manage or that impedes daily workflows isn’t going to be useful no matter what it promises to protect against.
To address this, we need to start prioritizing user experience (UX). Effective security tooling can no longer be confined to silos of action. Rather than piling on more software and applications with unfamiliar user interfaces, CISOs should instead focus on aligning processes and technology with the people who will be using them daily. Gauge the type of training or oversight from IT that it will take to get workers up to speed and whether the juice is worth the squeeze.
Improve business processes.
Next, there are business processes. The growth of cloud technology has given way to stronger flexibility and agility that can significantly improve processes, but it’s not without challenges. Growing pains like application sprawl and managing a remote and hybrid workforce have created new challenges when it comes to identity governance and security. The market has responded with suites of tooling, with many vendors expanding their offerings outside of their standalone, best-of-breed solutions. This is a good start, but it’s only the beginning.
The optimal solution is to have security controls embedded within the very platforms used to drive the business. Ask yourself, where are people doing work? What are the existing processes that can and should be extended? This is why platforms like ServiceNow, Atlassian, Salesforce and more are growing so rapidly. The people and processes are already there—the most effective technology is one that aligns with this. Only then can we start to patch the gaps in today’s security tooling.
Rarely have cyberattacks been the result of security software alone. Most successful breaches are a result of human error, which is, in large part, due to processes that need improvement. It’s why phishing continues to be one of the most popular methods of attack. The bad guys prey on human behavior, and all it takes is an absentminded click to wreak havoc. The bottom line is you can acquire all the latest and greatest security technology on the market, but without the people and processes to back it up, it’s a losing battle.
This article first appeared in Forbes.