Security professionals put more emphasis on supplier-level consolidation, department collaboration, and security awareness programs, according to the fifth Cisco CISO Benchmark Study 2019.
The study was conducted globally, with over 3,000 security leaders interviewed in 18 countries. The complexity of activities and operations is a continuing challenge for CISOs (Chief Information Security Officers), but many are increasingly confident that cloud migration will improve security policies, while reducing dependence on less-tested technologies such as Artificial Intelligence (AI).
Complex organizational environments, made up of solutions from 10 or more security providers, may limit the visibility of security professionals at the organization level. 65% of respondents believe it is not an easy task to establish the purpose of an attack, isolate it, and prevent other attacks. Unknown threats that exist outside of the company, i.e. users, data, devices and applications, are also a major concern for CISOs. To address these challenges and better protect organizations:
Respondents also noted the high financial impact of security breaches. 45% of respondents reported that the financial impact of a security breach on their organization was more than $500,000.
The good news is that more than 50% of respondents have managed to keep the cost of security breaches under half a million dollars. However, a solid 8% remain for whom the largest breach of the past year cost over $5 million per incident.
Positive developments:
Continuing supplier consolidation trend
In 2017, 54% of respondents said they had at most 10 providers within the organization. Now this percentage has risen to 63%.
In many environments, solutions from multiple vendors are not integrated and therefore do not share or prioritize alerts.
The most collaborative teams lose the least money:
95% of cyber security professionals reported that their networking and security teams were very or highly collaborative.
59% of those who said their networking and security teams were very or highly collaborative also stated that the financial impact of their most serious security breach was under $100,000, the lowest cost of a security breach in the study.
There is greater confidence in cloud security.
93% of CISOs reported that cloud migration has increased the efficiency and effectiveness of their teams.
The perception that cloud infrastructure is difficult to protect has fallen: 52% in 2019, compared with 55% in 2017.
The use of risk assessment and risk indicators at the company level, partly driven by cyber insurance, plays an increasingly important role in technology selection and has helped CISOs focus on operational practices - 40% of respondents use cyber insurance, at least in part, to establish their budgets.
"Cyber fatigue" - defined as giving up on staying one step ahead of cyber threats and their actors - has fallen from 46% in 2018 to 30% in 2019.
Challenges and opportunities for CISOs:
Properly used, Artificial Intelligence (AI) and Machine Learning (ML) are essential for the initial stages of prioritizing and managing alerts. However, dependence on these technologies has fallen, as respondents may perceive the tools as still being in their early stages or not yet ready for increased attention:
ML dependence decreased to 67% in 2019, compared with 77% in 2018.
AI declined to 66%, compared with 74% in 2018.
Automation is down to 75%, compared with 83% in 2018.
Employees / users continue to be one of the greatest security challenges for many CISOs - it is essential to have an organizational process that begins with security awareness from day one.
Only 51% rate themselves as doing a great job of managing employee security through comprehensive onboarding programs and well-defined processes for employees who transfer or leave the company.
Email remains the number one threat vector.
Phishing and risky user behavior (for example, clicking on malicious links in emails or on websites) remain at high levels and are the primary concern for CISOs. The perception of this risk has remained constant over the past three years, at 56-57% of respondents.
Managing and fixing alerts remains a challenge. The reduction in remediation of legitimate alerts, from 50.5% in 2018 to 42.7% this year, is worrying, as many respondents consider remediation to be a key indicator of security effectiveness.
Security metrics are changing. The number of respondents using average detection time as an indicator of security effectiveness decreased from 61% in 2018 to 51% in 2019 on average. Use of update time as an indicator also fell, from 57% in 2018 to 40% in 2019. Remediation time, as a success indicator, has increased: 48% of respondents mentioned this, compared with 30% in 2018.
Recommendations for CISOs:
Base security budgeting on measured security results, with practical strategies associated with cyber insurance and risk assessments, to guide your purchases, strategy and management decisions.
There are proven processes that organizations can use to reduce exposure to threats and the extent of security breaches. Run simulations; use rigorous investigative methods; know which remedies are the most effective.
The only way to understand the security needs of an organization is collaboration between departments: IT, Networking, Security and Risk / Compliance.
Orchestrate incident response across disparate tools to move from detection to response faster and with less manual coordination.
Combine threat detection with access protection to respond to internal threats and align with a program like Zero Trust.
Address the number one threat vector with phishing training, multi-factor authentication, advanced spam filtering, and DMARC (Domain-based Message Authentication, Reporting and Conformance, an email validation system designed to detect and prevent the use of false addresses for phishing) to protect against business email compromise.