Cybersecurity practitioners are growing increasingly overwhelmed managing tools from multiple vendors, according to new research from Kaspersky.
A recent study from the security firm found nearly three-quarters (74%) of companies in the UK rely on “multi-vendor ecosystems” – a trend which is putting them at increased risk and burning out staff.
Indeed, over one-third (36%) of UK cyber workers said their security stacks are “overly complex and time-consuming” to maintain, which in turn is hampering their ability to respond to emerging threats.
Maintaining disparate tools has a knock-on effect across the cybersecurity segment at most businesses, the study noted. Compatibility issues were highlighted as a key challenge, for example, with 43% of respondents indicating they cannot keep a handle on security processes because of a lack of cross-platform integration.
This, the study warned, often leads to manual interventions and increases the chances of human error or blind spots, leaving the business open to breaches.
Similarly, 36% said they struggle with “inconsistent threat visibility” due to the growing array of tools and solutions. As data is collected from various vendors, Kaspersky noted this also creates blind spots and reduces “overall situational awareness”
Ilya Markelov, head of unified platform product line at Kaspersky, said enterprises often rely on multiple vendors “by default, rather than through deliberate strategic planning”.
“While diversification of security solutions can offer certain benefits, such as risk mitigation and coverage breadth, an unchecked increase in complexity often leads to significant resource drain and operational inefficiencies,” Markelov said.
“Moreover, this complexity can create critical blind spots, making it harder to maintain comprehensive threat visibility and respond effectively to emerging risks.”
Tool sprawl is still plaguing cybersecurity teams
The study from Kaspersky is the latest in a string of warnings over tool sprawl in recent years. It’s not just an issue restricted to cybersecurity teams, however, with workers in other professions, such as software development, contending with the problem.
Analysis from Red Canary in October 2024 showed tool sprawl was a key challenge facing software development teams. The study came just weeks after separate research from IDC which examined the mental strain placed on teams as a result of tool sprawl, known as ‘context switching’.
Context switching refers to the process of moving from one environment or solutions stack to another in an employee’s daily workflow. Over two-thirds (70%) of respondents told IDC that switching between different tools reduced their efficiency.
Speaking at the time, Katie Norton, research manager for DevSecOps and software supply chain security at IDC, said context switching not only wastes an employee’s time, but also inflates costs.
Costs were another key issue highlighted by Kaspersky in its recent report, with the security firm warning 36% of UK businesses experience “budget overruns” due to overlapping solutions.
“These redundancies not only inflate costs but also complicate resource allocation and strategic planning,” the company said.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Software developer salaries are surging in the UK as AI skills gaps drives demandNews Stack Overflow says positive growth in developer salaries shows the community is thriving
-
Darktrace bolsters expansion plans with double C-suite appointmentNews Industry veteran Samun Raju joins the security vendor as CFO, while former KnowBe4 executive Hein Hellemons becomes CRO
-
CISA just published crucial new guidance on keeping Microsoft Exchange servers secureNews With a spate of attacks against Microsoft Exchange in recent years, CISA and the NSA have published crucial new guidance for organizations to shore up defenses.
-
US telco confirms hackers breached systems in stealthy state-backed cyber campaign – and remained undetected for nearly a yearNews The hackers remained undetected in the Ribbon Communications’ systems for months
-
Google says reports of a 'huge' Gmail breach affecting millions of users are false, againNews Reports of a major Gmail affecting millions of users have been flooding the web this week – Google says they're "false" and you've nothing to worry about.
-
Enterprises can’t keep a lid on surging cyber incident costsNews With increasing threats and continuing skills shortages, AI tools are becoming a necessity for some
-
Cyber researchers have already identified several big security vulnerabilities on OpenAI’s Atlas browserNews Security researchers have uncovered a Cross-Site Request Forgery (CSRF) attack and a prompt injection technique
-
CISA issues alert after botched Windows Server patch exposes critical flawNews A critical remote code execution flaw in Windows Server is being exploited in the wild, despite a previous 'fix'
-
Former NCSC head says the Jaguar Land Rover attack was the 'single most financially damaging cyber event ever to hit the UK' as impact laid bareNews Researchers said they place the UK financial impact of the attack on Jaguar Land Rover at around £1.9 billion.
-
Volkswagen confirms security ‘incident’ amid ransomware breach claimsNews Volkswagen has confirmed a security "incident" has occurred, but insists no IT systems have been compromised.
