 How SolarWinds Changed Cybersecurity Leadership's Priorities - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

CIO Insights & Innovation
Security & Risk Strategy
Team Building & Staffing
IT Strategy
Digital Business
Project Management
Programming Languages
Dr. Dobb's
Enterprise Applications
Operating Systems
Productivity/Collaboration Apps
Network Security
Careers & People
Threat Intelligence
IoT
Attacks & Breaches
Application Security
Cloud Security
Endpoint Security
Mobile Security
Perimeter Security
Risk Management
Operations Security
Analytics
Vulnerabilities & Threats
Security & Risk Strategy
Infrastructure as a Service
Platform as a Service
Software as a Service
Cloud Storage
Data Centers
Mobile Applications
Mobile Devices
Mobile Business
Enterprise Mobility Management
AI/Machine Learning
Big Data Analytics
Hardware/Architectures
Software Platforms
IoT
Networking
Wireless Infrastructure
Data Centers
Cloud Infrastructure
Careers and Certifications
Network Security
Government
Healthcare
Wall Street & Technology
Bank Systems & Technology
Insurance & Technology
Industries
Government
Healthcare
Wall Street & Technology
Bank Systems & Technology
Insurance & Technology
IT Life
Careers
Mobile
Mobile Applications
Mobile Devices
Mobile Business
Enterprise Mobility Management
Software
Enterprise Applications
Operating Systems
Productivity/Collaboration Apps
IT Leadership // Security & Risk Strategy
News
5/26/2021
08:00 AM
Jessica Davis
Connect Directly
Twitter
RSS
E-Mail
0 comments
Comment Now
50%
50%

How SolarWinds Changed Cybersecurity Leadership's Priorities

A new survey shows how IT security leaders have changed their focus after the SolarWinds attack and a year of the pandemic.

ryanking999 via Adobe Stock
ryanking999 via Adobe Stock

If you were looking for a job in IT during 2020 or 2021, you probably couldn't have chosen a more in-demand IT specialty than cybersecurity. Between securing the devices of hordes of new work-from-home employees and responding to new threats on the horizon like the SolarWinds hack, organizations were investing in hiring more security pros at a time when many other workers in the job market were afraid of being laid off. In the weeks following the Colonial Pipeline ransomware attack, there's no sign of that changing.

That's one of the findings of a new survey of 300 security leaders in the US. The survey also looked at investment priorities for security leaders, how closely these leaders worked with their CEOs, their plans for security automation technology, and other trends, too. It was the fifth annual survey commissioned by Scale Venture Partners and conducted by Market Cube.

A full 40% of respondents in this year's survey said they increased security headcount in 2020. Of those who increased headcount, 32% said it rose by 50% or more.  What's more, 63% said their security budget increased over the past 12 months. Of those who increased their budget, 45% said it had doubled. (For context, 31% of survey respondents worked at firms of 500 to 999 people; 28% at firms of 1,000 to 2,499 people, and 18% at firms of 2,500 to 5,999 people.)

Staffing continues to be a challenge in cybersecurity, according to Ariel Tseitlin, a partner at Scale Venture Partners who specializes in cloud and security. The demand for security pros increased over the last year during the pandemic amid new and serious security incidents.

"I don't know that we can do much to accelerate the rate of supply of security professionals," he said. Instead, he believes the market will turn to two other possible solutions to resolve the imbalance between supply and demand for talent -- security automation tools or security products being bundled with services.

Ariel Tseitlin
Ariel Tseitlin

This higher demand was driven by new threats and a changed environment that included a huge pivot to move workforces to work from home. Of security leaders surveyed, 36% attributed an increase in certain types of incidents to the move to work from home. A full 52% of security leaders said that security incidents involving attacks on compromised data, devices, systems, or networks increased.

But one of the biggest incidents on every security leader's mind was the SolarWinds hack.

"SolarWinds catapulted attention to third-party risk and vendor risk to the forefront," Tseitlin said. "Everyone realized they didn't have very good visibility."

The Scale survey showed that security leaders are retooling their security operations in response to the changing threat environment. For instance, 57% said they increased integration with other teams such as IT and software development. Also, 36% said that they expected third-party risks to rise over the next 12 months. What's more, 47% said third-party risks are a top factor affecting the C-suite's understanding of the business impact of security, behind data breaches at 57% and remote work at 54%.

What are these organizations doing to mitigate third-party risks? Performing audits of third-party vendors' procedures topped the list at 51%. Other measures included relying on third-party risk rating services (48%) and asking vendors to complete self-assessment questionnaires (47%).

Tseitlin said that the survey revealed that organizations are building security automation technology to help deal with the growing tools sprawl. For instance, 51% of respondents said they created an in-house cybersecurity solution in the past 12 months, and 23% said they had built security automation technology.

"There are so many different tools out there," Tseitlin said. "Organizations are looking to invest in software that consolidates and coalesces all the different signals from security tools."

Related Content:

Experian’s Identity GM Addresses Industry’s Post-COVID Challenges

MassMutual CISO Talks Cybersecurity Priorities

Cybersecurity, Modernization Top Priorities for Federal CIOs

The Year in Security: Adversarial AI and the Rush to the Cloud

 

Jessica Davis is a Senior Editor at InformationWeek. She covers enterprise IT leadership, careers, artificial intelligence, data and analytics, and enterprise software. She has spent a career covering the intersection of business and technology. Follow her on twitter: ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Webcasts
More Webcasts
White Papers
More White Papers
Reports
More Reports
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Editors' Choice
Slideshows
11 Ways to Ask Smarter Data Analytics Questions
Lisa Morgan, Freelance Writer,  5/13/2021
News
Corporate Diversity Efforts Get Real
Jessica Davis, Senior Editor, Enterprise Apps,  5/13/2021
Commentary
What Will Be the Next New Normal in Cloud Software Security?
Joao-Pierre S. Ruth, Senior Writer,  5/10/2021
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Download This Issue!
Slideshows
Flash Poll