10/17/2024 | Press release | Distributed by Public on 10/17/2024 22:09
The past few years have been tough for the average consumer. According to the Bureau of Labor Statistics, consumer prices have risen by 3%, 5%, and 6% over the last three years. The consumer industry isn't the only industry impacted either.
Just look at the world of enterprise tech, for example. In November of 2022 - back when the consumer price index was busy setting records of the worst kind imaginable - enterprise tech prices were quietly climbing at a rate 4 times higher than that of overall market inflation. What's worse, this came at a time when organizations were setting records for average SaaS portfolio size. For a time, 1 in every 8 dollars spent by modern organizations went directly to SaaS costs.
No matter what you call it, it's a wise move for most businesses to cast a critical eye on their SaaS expenditures. However, it's important to remember that not all SaaS solutions are built equally. While some tools undoubtedly fall into the category of fluff, others are downright indispensable. Unfortunately, it's not always readily apparent which applications fall into which categories.
This article looks at some tips for how to conduct a measured, effective tech audit. It also makes the case for why almost anything in the cybersecurity space should be considered absolutely last on the list of expendable enterprise apps in today's rapidly evolving cyber threat landscape.
Although SaaS prices continued to outpace overall market inflation by more than 200% - the size of the average corporate SaaS portfolio reached an all-time high of over 370 applications. However, this highwater mark for enterprise SaaS adoption was short-lived.
Just as SaaS portfolios were reaching all-time highs in size, another study from the same period revealed that less than half (44%) of companies' SaaS applications were actually being regularly used by employees. At the same time, studies showed that the U.S. IT departments were wasting roughly $85B per year on bad tech. Due in part to revelations like these (along with other internal and external forces), by year's end 2023, the average SaaS portfolio size had suddenly fallen in size by over 10% YoY.
In fact, in Splunk's 2024 State of Security survey report, when asked what types of cyberattacks are most concerning, "AI-powered attacks" topped the list as the number one most anxiety-inducing type of attack. In the same report, 32% of respondents were most concerned about attackers using generative AI to optimize existing attacks, such as crafting more realistic phishing emails or refining malicious scripts.
Another common concern is the possibility of less skilled, opportunistic hackers exploiting generative AI to drive a significant uplift in social engineering attacks - contributing to the 28% of respondents that worry that generative AI will help adversaries increase the volume of existing attacks.
While many would argue that this is not the time to skimp on any form of cybersecurity, the fact that email still represents the number-one threat vector, playing a role in upwards of 96% of all breaches today indicates that if one slice of your security architecture must be prioritized, it ought to be protecting your employees' inboxes. Increasingly, security professionals are coming to the conclusion that the only way to effectively fight these new, AI-enabled threats is by leveraging the adaptive intelligence of AI themselves.
While this may sound reasonable at first blush, not every part of your stack is in a position to be frozen in time. And that holds especially true in the field of cybersecurity. As cited earlier, the modern threat landscape is changing at breakneck speed - with new, much more advanced (and often AI-enabled) attack types being discovered by the day.
In such an environment, simply sticking with one's legacy security solutions - such as secure email gateways (SEGs) - is often just as problematic as making active cuts; as these types of tools are fundamentally unfit to defend against today's modern, AI-driven cyberthreats.
At the end of the day, the future of cybersecurity will be a battle between offensive and defensive applications of AI. And as of today, most security professionals are torn as to which side of the battlefield will emerge victorious.
While we've most certainly seen purse strings tighten as of late, most of today's analysts are forecasting that tech budgets will in fact continue to grow - rather than contract - over the next 12 to 24 months.
Perhaps most importantly, cuts and freezes won't be instituted uniformly across operations. That's why, as cost-cutting initiatives continue to gain steam, it's up to the cybersecurity community to make the case to leadership that their budget is one that simply cannot be skimped on - and leading vectors such as email should be bolstered at any costs.
This article was written by Eyal Benishti fromTechRadarand was legally licensed through theDiveMarketplaceby Industry Dive. Please direct all licensing questions to[email protected].