Perspectives Home / Research
The research is in: Here's what we learned from surveying 1,500+ leaders in DevSecOps about the state of security today.
By Perspectives Editors JULY 11, 2023 • 4 minute read
According to our recently published report, The State of Security 2023, security remains a challenge; although fewer organizations say it’s harder to keep up with security requirements, many still respond reactively to the challenges that come their way.
Overwhelming team workloads, security stack complexity and increasingly sophisticated threats are among the top issues. Meanwhile, the top priorities include cloud security, DevSecOps and security automation.
In addition to these areas of focus, the research from The State of Security 2023 surfaced a few strategies that set the real leaders apart — the security teams that are trusted and whose value is understood across the rest of the business.
Compared to security teams that are seen as roadblocks to the rest of the organization, enablers more often rely on analytics to:
As these teams’ efforts to build data-driven efficiencies across detection, investigation and response improve security operations results, they’ll likewise continue to elevate the security team’s status with the business.
Security leaders are much more likely to report increasing investment for the expressed purpose of helping mitigate ransomware risk. Their proactive steps include:
As with ransomware, the teams that best enable the business are visibly more proactive about supply chain risk. Here are the actions such teams favor when grappling with the specter of supply chain attacks:
True organizational resilience lies not only with the security team’s crucial efforts to improve threat detection and incident response, but through holistic collaboration. Across organizations, resilience has been strongest with a collaborative approach in which everything — from software development and infrastructure monitoring to business continuity planning — brings security leaders to the table with IT and business executives to protect the organization.
Security teams seen as enablers to the business more often report their organization has a formal approach to cyber resilience, instituted organization-wide (32% versus 19%); they are also 2.5x as likely (32% versus 13%) to note that their security operations team is collaborating with “all” adjacent functional areas included in the survey — ITOps, app dev, observability and digital experience.
We’ve provided some of the important steps necessary for your organization to face cybersecurity threats. The increased and collaborative focus on resilience in particular is noteworthy. While investing in resilience seems like a reactive, rather than proactive, strategy because it focuses on what you do in the aftermath of an incident, we would argue that it’s actually proactive. Things like risk assessment, incident response planning, key investments in technology and training, and more are crucial ingredients for building resilience that will help your organization be prepared when the inevitable happens.
For more on resilience and the state of cybersecurity, read The State of Security 2023 in full.
July 11, 2023
The Security Detail Download: Cyber Threats in the Public Sector
Strategic Investments CISOs Should Make for Long-term Success
Read more Perspectives by Splunk
July 11, 2023 • 5 Minute Read
Rise of the Machines: A CISO’s Perspective on Generative AI
Here are three risks leaders should consider — plus, how to mitigate them.
July 11, 2023 • 8 Minute Read
Why the Talent Pipeline Is About To Get Even Smaller — And What Effective Tech Leaders Can Do About It
There are a few solutions savvy hiring managers can explore to be proactive.
How To Win Security Allies and Influence the Business
Splunk’s CISO shares four lessons he’s learned over 20 years of working in cybersecurity.
© 2005 - 2024 Splunk Inc. All rights reserved.