As part of Solutions Review’s Contributed Content Series—a collection of contributed articles written by our enterprise tech thought leader community—Zach Capers, a Senior Security Analyst at Capterra, discusses why security is becoming one of the most critical factors in the business software selection process.
With cyber-attacks dramatically increasing over the last two years, Capterra surveyed business software buyers to find out if this affected their software selection decisions—and the impact was even more significant than expected. The survey revealed that security is now the most critical factor when searching for new software. Not functionality, not ease-of-use, and not even price—security.
For those of us in the security field, this might feel like vindication. Businesses are finally prioritizing security in the software selection process. While it could be that everyone has suddenly had an epiphany, it’s more likely that companies have been worn down by an onslaught of increasingly severe security threats over the last several years.
Cyber-Attacks Growing More Effective
Threat actors have grown more organized, patient, and ruthless in recent years, making their attacks more effective than ever. Take ransomware, which has rapidly evolved from a straightforward, generally indiscriminate scheme into a highly targeted strategic attack that commonly incorporates data theft and DDoS attacks to add pressure and force victims to the bargaining table.
Massive software supply chain attacks such as SolarWinds, Log4j, and MOVEit have also exemplified the move toward more effective (and efficient) attacks. Instead of going after individual companies, attackers have realized that getting a single foothold in the software supply chain can result in access to the networks of hundreds or even thousands of companies.
Likewise, the humble phishing email has also become more effective, maintaining its status as a premier source of malware infection and credential theft. The age of poorly worded mass phishing emails has given way to spearphishing campaigns that target specific organizations using advanced social engineering techniques and leveraging multiple communication channels.
By now, most companies have been impacted by a significant cyber-attack, and business leaders are keeping these experiences front-of-mind when shopping for new software. But what exactly are business software buyers looking for?
Companies Seeking Protection From Emerging Threats
Returning to the survey, Capterra finds that the most wanted security features among business software buyers are data backups, security notifications, and data encryption. Against a backdrop of rampant ransomware, it’s perhaps no surprise that data backups rank as the top must-have security feature. Data backups are critical for any modern business and help protect against cyber-attacks, hardware failures, and natural disasters.
However, when using SaaS providers, companies might develop a false sense of security, assuming that their data is safe and backed up in the cloud. This is not necessarily the case. Even if a vendor does offer backup protection, it’s worth considering a dedicated SaaS backup and recovery service for added security.
The second most desirable feature is security notifications. Businesses are looking for software that proactively alerts them to security threats such as network intrusions, compromised credentials, or devices that need updating. Ensuring that your software provider furnishes alerts helps your company save precious time and react quickly to threats.
A key tool to protect sensitive information and mitigate data breaches, encryption ranks as the third most sought-after security feature. It’s essential for business software buyers to verify that data will be encrypted both at rest and in transit and to understand which protocols are used.
Buyers Demanding Stronger Authentication Measures
So you’ve found it, the most impregnable application ever created with all the security features imaginable—now you need to access it. Authentication will always be a security battleground, and Capterra’s report shows buyers are looking for more robust options.
Beyond basic password authentication, more than half of buyers are looking for compatibility with software tokens (i.e., authentication apps). More intriguingly, biometrics and hardware tokens (e.g., USB keys) are being pursued by about 40 percent of businesses, while one in four express interest in contextual/behavioral authentication options.
The increasing availability of (and demand for) robust authentication options, along with emerging passwordless solutions like Fast Identity Online (FIDO) in new software products, is paving the way to a much more secure future that doesn’t rely on problematic passwords. Still, compatibility requirements for password-reliant platforms and legacy systems will continue to slow progress toward passwordless authentication.
Putting a Premium on Secure Software
Of course, there are many reasons beyond cyber-attacks why companies prioritize secure software, including rising regulatory requirements and growing consumer data privacy concerns. But there is little doubt that an increasingly severe threat environment has hit home for many business leaders who are now willing to pay a premium for security when purchasing new software.