The Bottom Line: Our approach to cybersecurity is simply more pragmatic—we focus on things that matter most and apply a unique research lens.
Our recent HFS OneOffice™ Pulse Study revealed that enterprises are paying special attention to deploying emerging technologies into how they approach cybersecurity. While we can celebrate the focus on strengthening and modernizing the technology environment, it does not appear to be enough.
We at HFS Research don’t look at cybersecurity as a complicated, tech-only puzzle.
Here is how our core research pillars and CHIEF principles (Control enabled, Human centered, Insight led, Effectiveness first, Future looking) provide differentiated insights to CISOs, IT and business leaders across the enterprise.
We focus on five research pillars we believe are vital cybersecurity building blocks
Exhibit 1 describes the five core research pillars we focus on:
- Reducing the cybersecurity skill gap
- Boosting cybersecurity capabilities with intelligent solutions
- Managing identity and access risks
- Securing and trusting the cloud environment
- Detecting and responding to modern cyber threats
Exhibit 1: We look at our five core research pillars as interlinked and mutually reinforcing
Source: HFS Research, 2021
Our view is that a resilient cybersecurity environment can only be sustained through a skilled workforce and effective protection measures. Therefore, our research pillars revolve around two themes: augmentation and protection.
Augment to better protect your organization from existing cyber threats
Continuous augmentation plays a crucial role in sustaining cybersecurity projects and operations. We believe that its ineffectiveness has a pervasive negative impact on the ability to protect the enterprise. We cover augmentation through two pillars:
- Reducing the cybersecurity skill gap: Attackers don’t hack in; they take advantage of employees’ lack of cybersecurity knowledge. Human error is the main cause of more than 90% of cybersecurity breaches. We believe that continuously upskilling employees by equipping them with up-to-date knowledge is critical to sustaining cybersecurity initiatives and ultimately responding effectively to cyber threats. This research pillar examines how enterprises are reducing their cybersecurity skill gap within cybersecurity functions and across the organization.
- Boosting cybersecurity capabilities with intelligent solutions: Attackers don’t hack in; they keep improving their tactics and capabilities faster than cybersecurity teams can keep up. Attackers know very well that enterprises cannot keep pace with the changing threat landscape. We believe that alleviating the fatigue associated with mundane security activities is imperative, allowing cybersecurity teams to focus on readiness and improvement activities. This research pillar explores how enterprises are increasing the capabilities of cybersecurity functions using intelligent and automated solutions.
Protect to better respond to emerging cyber threats
Effective protection allows enterprises to invest more time improving response readiness. We cover protection through three pillars:
- Securing identity and access across the enterprise: Attackers don’t hack in; they compromise identities and log in with credentials. Four of five organizations have experienced an identity-based breach over the last two years. Ninety percent (90%) of cyberattacks involve compromised privileged credentials, allowing attackers to move laterally across the network. This research pillar probes how enterprises are deploying a holistic identity and access management environment and staying in control of digital identities.
- Securing and trusting the cloud environment: Attackers don’t hack in; they exploit misconfiguration and process weaknesses to compromise operations. The scale and speed of workload migration to the cloud have inevitably led to poor security practices. Cloud misconfiguration and ineffective maintenance processes remain the top cause of data breaches. This research pillar looks at how enterprises are embedding security policies and monitoring adherence to cloud controls.
- Detecting and responding to modern cyber threats: Attackers don’t hack in; they go under the radar of existing monitoring mechanisms. We believe that the best cyber protection is a strong cyber offense. Proactively searching for threats lurking undetected across the environment is a must-have capability to stay ahead of the game. This research pillar explores how enterprises are maturing their active defense capabilities and modernizing their incident response playbook.
To keep things simple and focused, we narrowed down our research approach to five essential guiding principles
CHIEF is a set of principles driving how HFS looks at each of the cybersecurity research pillars. These five principles allow us to consistently focus on the right things when conducting our market research, evaluating technology vendors and service providers, and forming our perspective.
- Control enabled: We pay special attention to governance and controls. We look at how enterprises embed controls into the design of their cybersecurity initiatives.
- Human centered: We believe in the importance of placing humans at the center. We look at how enterprises manage people and talent supporting cybersecurity initiatives.
- Insight led: We believe that meaningful insights lead to meaningful decisions. We look at how enterprises generate insights to monitor and improve cybersecurity initiatives.
- Effectiveness first: We look at the effectiveness and value for money of cybersecurity initiatives. We look at how enterprises are measuring the effectiveness of their cybersecurity initiatives and tying back their investment to bottom-line results.
- Future looking: We keep in mind how major innovations can impact cybersecurity initiatives. We look at how enterprises are getting ready to respond to innovations and disruptive technologies.
Data and case studies from the cybersecurity community are the foundation for providing meaningful insights and actions
HFS will deliver specific research initiatives by gathering information from across our five research pillars, described in Exhibit 2. Beginning today, we will provide CISOs and security conscience professions with actionable information about how to partner with technology and services providers, how to reduce the attack vectors of bad actors, and how to share experiences with peers:
- HFS Pulse Survey focused on cybersecurity, targeting 200+ CISOs across 10 industries
- HFS Top 10 cybersecurity service providers
- HFS Top 10 cybersecurity technology vendors
- HFS cybersecurity Hot Vendors
- Industry-specific reports
- Digital roundtables
The HFS Cybersecurity Pulse Survey planned for Q4 2021 will allow us to gather extensive data points across our research pillars and define the cybersecurity value chain, against which we will assess providers in our Top 10 reports.
Exhibit 2: The upcoming HFS Cybersecurity Pulse Survey will be the foundation of our cybersecurity research
Source: HFS Research, 2021
Takeaways
The cybersecurity research field is convoluted, and it is easy to get lost in the intricacy and hype, especially around implementing the best technology for your enterprise. HFS Research applies a pragmatic research approach to provide actionable insights on cybersecurity areas that matter most. We firmly believe that continuous augmentation leads to sustained protection, allowing enterprises to spend more time improving response readiness to modern cyber threats. It’s that simple.
