For 12 consecutive years, Cisco has surveyed thousands of corporate security executives from around the world. The networking and cybersecurity solutions leader’s purpose of the survey is to provide valuable insights about the threats, strategies and tools shaping our cybersecurity landscape. And, how organizations like yours can set yourself up for success with training, budgeting, vendor selection, alert management and breach readiness.
The central theme of the 2019 CISO Benchmark Study: Anticipating the Unknowns is focused on what’s keeping Chief Security Information Officers (CISOs) up at night. These unknowns include everything from malicious actors and rapidly evolving malware to rogue employees and shadow IT.
While all CISOs welcome the ability to see both in the future and past at the same time, only 35 percent of those surveyed find it easy to “determine the scope of a compromise, contain it and remediate from exploits.”
The insight culled from Cisco’s research clearly shows there’s still room for improvement when it comes to battling cyber incidents. But, strategies to stay ahead of these security attacks are moving in the right direction. Knowing which actions are reaping results and which are less than effective can educate CISOs through peer learning. And, they can strengthen their security posture, without having to take the same thorny path many others before them have already walked.
Figure 1: Respondents of different job titles reported on levels of collaboration between networking and security across the enterprise.
Collaboration seems to be the key to reducing data breach costs. The 2019 CISO Benchmark Study revealed 59 percent of those who were either extremely collaborative between networking and security experienced an impact from breaches of less than $100,000, which was the lowest category in the survey.
In the age of agile development, it seems thinking about application and infrastructure security from the start and developing DevSecOps teams is the best way forward. Especially considering that 95 percent of CISOs already judge themselves to be extremely collaborative between networking and security teams.
Of CIOs polled, 82 percent of them plan to more tightly integrate their IT and security strategy during the next three years, according to a study published by IDG. (This study shows the highest executive levels are well-aware of the importance of collaboration.)
Figure 2: Managing alerts from multiple security vendors.
Last year, the 2018 CISO Benchmark Study revealed 21 percent of respondents had more than 20 vendors, and five percent had more than 50. This year, the numbers have dramatically fallen. Only 11 percent of respondents now have more than 20 vendors, and three percent have more than 50.
It seems most organizations have realized that having more shiny tools at their disposal doesn’t necessarily equal better security. In fact, a bloated multi-vendor environment makes it challenging to manage alerts, which is something 79 percent of respondents agreed on.
“If we can reduce the vendor footprint and have a more integrated architecture, that helps us significantly,” stated one survey respondent. “I would rather have more automation on the back-end through an integrated architecture than having to slap something on top of it and write some new scripts to bring it all together.”
Malware Remains the Greatest Threat
Figure 3: Which security incidents/attack types have you encountered in the past?
Malware remains the most often encountered type of attack even in 2019. It’s also responsible for most data breaches.
However, it’s important to point out that the malware organizations may encounter today is far different from the malware they were likely to encounter 10, or even five, years ago. Fileless malware attacks, in particular, are gaining popularity among attackers. Such attacks don’t install software on a victim’s machine, making them difficult for traditional anti-malware solutions to detect.
Most respondents agree humans are still the weakest security link. They address bad user behavior with drills and exercises, which most organizations (61 percent) perform every six months. This was followed by 33 percent who perform them once a year.
Breaches Damage More Than the Bottom Line
Figure 4: Cisco 2019 CISO Benchmark Study.
It’s widely known breaches can be hugely expensive. But, the potential consequences of a breach go well beyond the bottom line.
This year, customer retention and brand reputation saw a significant increase as key concerns, jumping from 26 percent to 33 percent and from 27 percent to 32 percent, respectively. This reflects that consumers are becoming increasingly concerned about data privacy issues. And, they neither forget nor forgive organizations which have failed to keep their data secure.
That said, at 36 percent, operations still remain the biggest concern due to a breach. Considering the entire city of Baltimore was paralyzed for several weeks after attackers successfully used a cyberattack exploit called EternalBlue to infect its network with ransomware, it’s safe to say this concern is well-founded.
Machine Learning, AI and Automation Might Not Be Ready for Prime Time, Just Yet
Figure 5: Three hot-button topics.
It seems machine learning (ML), artificial intelligence (AI) and automation are leaving the peak of inflated expectations and descending to the trough of disillusionment on the curve of Gartner’s Hype Cycle. This year, far fewer security leaders believe the three technologies are necessary for protecting against the latest cyber threats.
There are several potential reasons why this might be happening. After briefly trying them, it’s possible some organizations have decided that ML, AI and automation aren’t ready for prime time, just yet. It’s also possible they already rely on them to such an extent that they are no longer aware of their presence.
Summarily, the 2019 CISO Benchmark Study: Anticipating the Unknowns report shows collaboration across silos is essential for solidifying a business’ security posture, addressing security gaps and reducing the impact of breaches.
Instead of blindly adopting security solutions, organizations should keep their vendor footprint a small as possible. This can be done effortlessly with the help of managed security services provider and Cisco-certified Gold Partner like Vology.