Lepide Blog: A Guide to IT Security, Compliance and IT Operations

Why Are Fewer Companies Deploying Security Monitoring Tools?

In March 2021, the Department for Digital, Culture, Media, and Sport (DCMS) published its sixth annual survey of UK businesses, charities, and educational institutions as part of the National Cyber Security Programme.

The Cyber Security Breaches Survey 2021, as it is called, highlighted a number of important issues relating to the way companies have been securing their systems and data during the ongoing pandemic.

Perhaps the most notable (and somewhat alarming) issue exposed by the survey was that fewer businesses are deploying security monitoring tools. The burning question is, why?

Deployment Rates Are Down

According to the report, 35% of businesses are deploying security monitoring tools – down from 40% in 2020. Likewise, fewer organizations are undertaking any form of user monitoring.

As we already know, more and more employees are working from home as a result of COVID-19. And since they are working remotely, organizations need significantly more visibility into how their employees are accessing their sensitive data – not less!

The report suggests that the reason why fewer organizations are monitoring their users is that they are “less aware than before of the breaches and attacks their staff is facing”. They’re less aware than before? Is this a question of “out of sight, out of mind”?

It does seem like a strange conclusion given that cyber-criminals are notoriously proactive during times of crisis, and one would assume that most organizations are aware of this.

We could argue that the surge in cybersecurity spending during the first wave of the pandemic illustrates that companies were expecting the worst, and when the worst was seen to be over, it’s possible that cybersecurity spending began to fall.

After all, the report also states that some organizations thought that the “licensing cost of remote user monitoring software was too high for them to install it for all staff”.

If companies were concerned about the loss of revenue caused by the coronavirus, it’s understandable why they would be hesitant to invest in cybersecurity technologies.

Licensing and Scalability

There are some important points that are worth mentioning about the licensing fees associated with security monitoring solutions. The first is that organizations are not required to install the software on all end-points.

Of course, purchasing a license on a per-user basis will provide the greatest visibility into what your employees are doing with your sensitive data. However, organizations could instead purchase a license on a per-platform basis, or even pay for specific functionality based on their requirements.

Some vendors offer what is called “priority-based scaling”, which is where you can apply resources to what you consider to be the greatest security threats to your organization. Perhaps you are concerned more about ransomware attacks than privilege escalation, or perhaps you are more concerned that your employees are sharing sensitive data outside of your organization. By identifying your main areas of weakness, you can save on the upfront infrastructural costs, and upgrade your license at a later date if required.

The Importance of Security Monitoring Tools

As we know, our employees, whether through negligence or malice, are behind most of the data breaches we face. The main purpose of security monitoring tools is to ensure that we know how our sensitive data is being used and by whom. Some solutions will also monitor other types of user activity, such as sessions, application usage, and web browsing.

While it is true that the upfront cost of implementing security monitoring solutions can be high, a sophisticated real-time monitoring solution will actually save time, and thus money, in the long run. These days, most solutions use machine learning techniques to determine typical usage patterns and will automatically detect deviations from these patterns in order to identify anomalous user activity. In the event of a suspected breach, they will either send an alert to the administrator or respond to the relevant events automatically.

Another important reason why organizations should invest in security monitoring tools is compliance. Most data privacy regulations, such as the GDPR, require that you know how your personal data is being accessed.

In many cases, you are required to provide evidence of this knowledge to the supervisory authorities, and a failure to do so could result in some form of disciplinary action – perhaps even a costly lawsuit or fine. Most sophisticated security monitoring solutions are able to automatically discover and classify data that is covered by the data privacy laws that are relevant to your organization.

Not only does this make it easier to assign the appropriate access controls to your critical assets, but it also ensures that you know when regulated data is being accessed. At the click of a button, you can generate a pre-defined report which can be delivered to the relevant authorities as proof that you know where your regulated data resides, and have the necessary controls in place to keep it secure.

According to this article, ransomware attacks in the UK surged by 80% in the last quarter of 2020. The same is of course true for other parts of the world, including the US, where the number of ransomware attacks grew by as much as 98.1%.

As you would expect, hackers didn’t hang around to capitalize on the crisis, as organizations scrambled to adapt their security protocols to deal with a remote working environment. Naturally, educating employees about how to identify suspicious emails and attachments is the best way to protect your organization from ransomware attacks.

However, even with extensive training, it only takes one momentary lapse from a fatigued employee to bring your system to its knees. Most high-end security monitoring solutions provide an invaluable feature known as threshold alerting, which can be used to prevent ransomware attacks from spreading.

Simply put, threshold alerting enables organizations to automate a response to events that match a pre-defined threshold condition – in this case when multiple files are encrypted within a given time frame. If the threshold condition is met, a custom script can be executed which can disable a user account, stop a specific process, adjust the firewall settings or simply shut down the affected systems.
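The threshold condition described above can be sketched as a per-user sliding-window counter over file-audit events. This is an added example, not code from Lepide or any vendor; the log format, the `detect` and `parse_events` names, the watched actions, and the threshold and window values are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample file-audit events: "ISO timestamp,user,action,path".
SAMPLE_EVENTS = """\
2021-04-01T09:00:00,alice,modify,/share/finance/q1.xlsx
2021-04-01T09:05:10,bob,rename,/share/hr/a.docx
2021-04-01T09:05:11,bob,rename,/share/hr/b.docx
2021-04-01T09:05:12,bob,modify,/share/hr/c.docx
2021-04-01T09:05:13,bob,rename,/share/hr/d.docx
2021-04-01T09:05:14,bob,rename,/share/hr/e.docx
2021-04-01T09:30:00,alice,modify,/share/finance/q2.xlsx
"""

WATCHED_ACTIONS = {"modify", "rename"}  # assumed proxies for mass encryption


def parse_events(text):
    """Yield (timestamp, user, action, path) from the constructed log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, path = line.split(",", 3)
        yield datetime.fromisoformat(ts), user, action, path


def detect(events, threshold=5, window=timedelta(seconds=10), respond=None):
    """Return one alert per user whose watched events reach the threshold
    inside the sliding window; call the respond hook once per alert."""
    recent = defaultdict(deque)  # user -> timestamps still inside the window
    alerted = set()              # users already alerted, to avoid repeat responses
    alerts = []
    for ts, user, action, path in events:
        if action not in WATCHED_ACTIONS or user in alerted:
            continue
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:  # drop events older than the window
            q.popleft()
        if len(q) >= threshold:
            alerted.add(user)
            alert = {"user": user, "count": len(q), "first": q[0], "last": ts}
            alerts.append(alert)
            if respond:
                respond(alert)  # hook for the automated response script
    return alerts


if __name__ == "__main__":
    for a in detect(parse_events(SAMPLE_EVENTS)):
        print(a)
```

The `respond` hook is where the automated action (disabling the account, stopping a process) would be wired in; tuning `threshold` and `window` trades detection speed against false positives from legitimate bulk operations such as backups or batch renames.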

As the old adage goes, it’s not a question of if, but when, a security incident will unfold. If it is indeed the case that the main reason why fewer organizations are implementing security monitoring tools is the cost, it would be worth considering cuts to other areas of the IT budget first. If they don’t have clear visibility into who is making what changes to their critical data, and when, they will find it much harder to keep their data secure and remain compliant with the relevant data privacy laws.

If you’d like to see how the Lepide Data Security Platform helps organizations monitor interactions with their sensitive data, detect and react to threats, and meet compliance demands, schedule a demo with one of our engineers.