Latest News

Fighting fire with fire: research reveals cybersecurity strategies are suffering as a result of complexity

Research released today by Fastly, Inc. (NYSE: FSLY), the world’s fastest global edge cloud platform, finds that more than three quarters (76%) of organisations in the UK and Ireland are increasing their cybersecurity spending to protect themselves against future risks, despite 3 in 5 already feeling their budget is sufficient to protect against the modern threat landscape.


However, despite this increased budget, IT leaders are investing poorly. The result of this is that over a third (37%) of cybersecurity tools are not fully deployed by the organisations that pay to use them.  And, when these tools do run, they regularly do not work, with nearly two out of every five alerts (39%) detected by organisations’ WAFs being false positives. Similarly, due to a widespread scattergun approach to cybersecurity implementation, 39% of these tools overlap, protecting organisations against the same threats.


Jay Coley – Sr. Security Architect (EMEA) – Fastly, commented: “It’s notable that, at a time when organisations are tightening the purse strings in almost every department, cybersecurity remains a focus for spending. This underscores just how much of a threat businesses see security breaches and associated data leaks.


“The reality, though, is that the majority of organisations are increasing spending with no clear strategy. Spending more money doesn’t necessarily equate to a safer business. Instead, it can create the illusion of security, and ironically put the businesses at even greater risk down the line when their security tools don’t work.”


As part of this research, IT leaders also predicted the biggest threats to their organisation in the next 12 months, with 36% highlighting phishing, 33% data breaches and data loss, and 32% malware as their key areas for concern. Comparatively, in research carried out by Fastly in the UK in 2021, the top threats identified by organisations were malware, dedicated denial of service (DDoS) attacks and bad actors targeting known vulnerabilities. This change represents a significant year-on-year shift towards threats based upon social engineering with individual employees targeted by bad actors.


The other primary area of concern for these organisations is securing remote workers. A significant majority (89%) of IT leaders surveyed expressed concern about the effect of adopting a remote work culture since the pandemic on their cybersecurity strategy, compared to 82% globally. Additionally, 52% of these predict that cyber attacks on remote workers will drive cybersecurity threats over the next twelve months, and more than a nearly half (48%) have made protecting the new hybrid workforce their main priority for the coming year.


Sean Leach, Chief Product Architect – Fastly, continued: ”These stats paint a picture of cybersecurity strategies fuelled by fear. If businesses get the fundamentals of cybersecurity right – such as non-SMS based two-factor authentication, rigid authorisation rules, rate limiting to control sent or received requests when needed, and comprehensive security training across all parts of the organisation –   they are able to defend against the majority of the most common threats, particularly potential data breaches. These basic steps go a long way to preventing severe financial and data losses and should be priorities for all businesses, regardless of size. This approach also resolves the question of what to do with remote workers. By adopting these measures, an individual employee’s location no longer matters for your business’ cybersecurity posture, meaning there is no need for concern around remote work. After all, hybrid work is here to stay, so businesses should be prepared to embrace it.”


The full report contains the five fundamental steps organisations can take to improve their cybersecurity posture, removing unnecessary complexity in the process. Download the full report here to discover these steps:


About the research

This research surveyed over 1,400 key IT decision makers in large organisations spanning multiple industries across North America, Europe, Asia-Pacific and Japan. The survey included 203 IT decision makers in organisations with more than 500 employees across the UK and Ireland.