Cisco has published its sixth annual CISO Benchmark Report surveying the security posture of 2,800 security professionals from 13 countries around the globe. The report provides 20 cybersecurity considerations for 2020 – gleaned from data analysis of survey results and a panel of Advisory CISOs.
Complexity the worst enemy
Digital transformation continues to present itself as an opportunity for IT and security leaders to innovate and gain competitive advantage. But it also carries a tsunami of infrastructure change, which often creates new challenges for security professionals, with defeating unknown, sophisticated threats looming as a top concern.
To combat complexity, security professionals are increasing investments in automation to simplify and speed up response times in their security ecosystems; using cloud security to improve visibility into their networks; and sustaining collaboration between networking, endpoint and security teams.
“As organisations increasingly embrace digital transformation, CISOs are placing higher priority in adopting new security technologies to reduce exposure against malicious actors and threats. Often, many of these solutions don’t integrate, creating substantial complexity in managing their security environment,” said Steve Martino, senior vice president and chief information security officer, Cisco. “To address this issue, security professionals will continue steady movement towards vendor consolidation, while increasing reliance on cloud security and automation to strengthen their security posture and reduce the risk of breaches.”
The following findings highlight additional CISO challenges and opportunities for improvement:
- 41% of the surveyed organisations found data centres were extremely difficult to defend, and 39% said they struggled to secure applications. The most troublesome place to defend data was the public cloud, with 52% finding it very or extremely challenging to secure, and 50% claiming private cloud infrastructure was a top security challenge.
- More than half (52%) of respondents stated mobile devices are now very or extremely challenging to defend. Adopting zero-trust technologies can help secure managed and unmanaged devices without slowing down employees.
- Only 27% of organisations are currently using multi-factor authentication (MFA), a valuable zero-trust technology to secure the workforce. Survey respondents from the following countries showed the highest MFA adoption rates in this order: USA, China, Italy, India, Germany, and UK. Micro-segmentation, a zero-trust approach to secure access of workloads, had the least adoption at only 17% of respondents.
- A key concern for 2020 is that 46% of organisations, up from 30% in last year’s report, had an incident caused by an unpatched vulnerability. 68% of organisations breached from an unpatched vulnerability suffered losses of 10,000 data records or more last year. In contrast, for those who said they suffered a breach from other causes, only 41% lost 10,000 or more records in the same timeframe.
Security professionals have made positive developments to improve their security posture:
- 91% of respondents reported they’re very or extremely collaborative.
- 77% of our survey respondents are planning to increase automation to simplify and speed up response times in their security ecosystems.
- 86% of respondents say utilising cloud security increased visibility into their networks.