
More security won't reduce cyber risk. What does?

By Lior Arbel, Encore's co-founder
Africa, 29 Sep 2022

This year, companies will spend more than US$23-billion on cybersecurity, according to ABI Research. That is a lot of money, yet cybercrime doesn't appear to be slowing down. If one looks for a return on investment, cybersecurity comes out quite poorly, and there are many anecdotal accounts of companies that spent big and still fell victim to online crime.

Why is this happening? The problem doesn't necessarily sit with security technology but rather with how the technology world has changed.

Today's business technology estates are much more complicated. They have many more layers, they often operate beyond the business's secured perimeters, and they are tougher to monitor. Businesses try to address security risks by focusing on specific areas, but they often don't connect the dots into an overall view of their entire security environment.

Security for a complicated world

Point security solutions illustrate this situation. These security solutions focus on specific challenges, such as device management or email security. They do essential jobs, and security is weaker without them. But when point security services remain isolated, they leave gaps that criminals exploit.

This is why more security doesn't mean better security and lower risk. The issue often comes down to how companies think they understand security. They identify a problem, find a solution, motivate the cost, and bring it into the environment. Then they find another problem, another solution, and so it goes.

Why does this happen? They focus on specific problems but don't have that big picture. We often help businesses that have many security services yet still encounter problems. This is because they aren't connecting the dots.

Such companies also have many unintended overlaps between services, duplicated systems, and underutilised features. For some, it is tempting to let go of so many different services and bring everything together under one brand.

Consolidation must not be the only target. No one vendor can cover all your security needs. The constant march of new attack opportunities requires businesses to be more creative with their security investments and that means taking on different products that do the best job against specific threats. It’s not about consolidation, it's about how we get all those pieces to work in harmony.

Creating security harmony

Security harmony is the key to reducing cyber risk. Like an orchestra, security only finds this harmony when it has central guidance, which many companies overlook. Fortunately, demand for a single view of complex security estates has led to an emerging class of software that audits and reports on the big picture and specific details.

Though many security products report their status, they focus only on themselves.

Some cybersecurity systems have good reporting capabilities, but they tend to use bespoke agents and data standards, so people spend many hours manually collecting and compiling data from the various systems to get the bigger picture. However, many don't have them, so you need security auditing services that agnostically query all security systems and create reports that serve all that information in one format.

Managed security service providers have encountered this problem for longer than most. Since they must understand entire customer environments, they cannot rely on narrow vendor-generated reports.

Companies of all types invest in cybersecurity. There is a general acknowledgement that the digital age's risks must be managed. But unless companies can connect their dots and see the bigger picture, they will continue mitigating individual risks without genuinely improving their overall position. This is why more security doesn't reduce cyber risk, but smart security management does.

Look for that big picture, and use third-party software that can deliver it across all your security investments.

Don't rely only on vendor reporting tools - they are great for specific services and appliances but not for the big picture, and you want to know about all of them in context. Fortunately, it doesn't take a lot to introduce continual agnostic audits into your environment, and it will be a change that keeps improving your business.
