Splunk CISO Report 2024: Apto’s View

With the increasing frequency and sophistication of cyber-attacks and data breaches, it’s become essential to stay ahead of emerging threats, respond quickly when incidents inevitably occur, and do all of this while using existing platforms as efficiently as possible. At Apto, we’re keenly aware of how overall security posture is dependent on the right mix of advanced platform technology, skilled people doing the best work and the right organisational processes. And CISOs, typically are the ones holding all of these complex responsibilities in their hands.

Splunk CISO Report

Splunk, one of the leading SIEM platform vendors, recently published a research report to help better understand the evolving role of Chief Information Security Officers (CISOs) and their views on the coming challenges and how they relate to threat management. Here are just a few of the key insights from Splunk CISO report that give us a glimpse into the threat management landscape coming into 2024.

AI is here to stay, but so is automation

Seventy per cent of CISOs believe that AI gives an advantage to attackers over defenders. Still, 35% are already experimenting with it for cyber defence, such as malware analysis, workflow automation, and risk scoring. However, automation is not a new concept for CISOs, with 93% of them having extensively or moderately implemented automation into their processes and existing platforms. For large, sprawling and complex tools such as SIEM, the automation of repeatable tasks is a key part of keeping platform costs down and coverage rates high.

On top of this, the report showed that 86% of CISOs believe that generative AI will alleviate skills gaps and talent shortages they have on their security team. That means instead of replacing jobs, generative AI will more likely be used to fill in labour-intensive and time-consuming security tasks that professionals are reluctant to do anyway (writing policy documents, perhaps?), freeing them up to be more strategic. The reality is that there aren’t enough cybersecurity professionals to meet growing demands. AI might provide organisations with the ability to supplement staff with everything from documentation to basic ticket triage. Knowing how to use these AI tools and integrating them with existing SIEM will likely be a key requirement in the years ahead.

Paying ransomware demands is commonplace

Ninety per cent of CISOs report that their organisation experienced at least one disruptive attack last year. Even more shockingly, 83% paid attackers in the wake of a ransomware attack — directly, via cyber insurance, or with a negotiator — with more than half paying at least $100,000. That’s a lucrative business for ransomware groups — and many desperate organisations gamble with their reputation, in the hope of decrypting their data, recovering their systems and preventing the release of sensitive material. Even in some cases, paying the ransom isn’t a solution, there is never any guarantee that all of the impacted data can be restored.

The best approach here is to proactively prevent these types of attacks in the first place, using a full coverage platform which ties back to specific use cases. Once, again a focus on proactive steps rather than reactive firefighting. Backing up this stance with exercises to exert some real-yet-safe pressure on those systems and getting the documentation to prove they are working will be key. This documentation helps CISO’s justify spending and prove compliance to C-Suit and help show a path forward. It’s also vital to complete all platform maintenance and conduct regular checks so the platform keeps that coverage, months and years after its initial setup. This is easier said than done, with a small team and a requirement for dedicated SIEM expertise.

Boards (usually) prioritise security funding

Ninety-three per cent of CISOs expect an increase in their cybersecurity budget over the next year, yet 83% see cuts in other parts of their organisation. Economic challenges are impacting security, but not in the way you might expect: Eighty per cent say they have noticed their organisation has faced a growing number of threats coinciding with the declining economy.

Even though security funding is staying even, there is still a focus on efficiency and predictability when it comes to security tooling and costs. When there are so many specialist tools and options available, it is easy for organisations to get overwhelmed with their data passing through multiple differnet platforms. Going forward into 2024, effective tooling consolidation and choosing the right platform and then maximising that platform will be key.

Even in organisations with ample budget allotment for security, there is still very much a broad level of pressure to make platform costs reliable, consistent and most of all predictable over the next several years. CISOs are not swayed by the promise of the “cheapest tool now” but rather by the most equitable tool over time, and with the least amount of surprises.

The Support a CISO Needs

For many in charge of their organisation’s threat management, this combination of pressure from above to do more with less means constantly justifying their teams’ value, while also filling security gaps caused by staffing shortfalls and finding new ways to mitigate risk. The balancing act isn’t easy. This is exacerbated by the ever-increasing complexity of a growing estate and ever more complex SIEM tools and the emergence of AI, both for threats and defence. It’s a lot for one team and one CISO to handle.

Luckily SIEM isn’t something that needs to be difficult; as we mentioned at the start of this article, it’s about a combination of technology, people and processes. It’s possible to set yourself up for a more confident posture and achieve long-term SIEM success, with the right help.

If you’d like to learn more about how Apto can help you on your SIEM journey, contact us today.