Cyber-security professionals are putting more emphasis on supplier-level consolidation, department collaboration, and security awareness programs, according to the Fifth Cisco CISO Benchmark Study 2019. The study was conducted globally, with over 3,000 security leaders from 18 countries interviewed. The complexity of activities and operations is a continuing challenge for CISOs (Chief Information Officers and Security Officers), but many are increasingly confident that cloud migration will improve security policies, while reducing dependence on less-tested technologies such as Artificial Intelligence (AI).
Complex organizational environments, made up of solutions from 10 or more security providers, may limit the visibility that security professionals have across the organization. 65 percent of respondents believe it is not an easy task to establish the purpose of an attack, isolate it, and prevent other attacks. The unknown threats that exist outside of the company, i.e. users, data, devices and applications, are also a major concern for CISOs. To address these challenges and better protect organizations:
- 44 percent increased investment in security defense technologies;
- 39 percent hold employee awareness sessions on security;
- 38 percent focused on the implementation of risk mitigation techniques.
Respondents also noted the high financial impact of security breaches. 45 percent of respondents reported that the financial impact of a security breach on their organization was more than USD 500,000. The good news is that more than 50 percent of respondents have managed to reduce the cost of security breaches to under half a million dollars. However, a solid 8 percent remain for whom the largest breach in the past year cost over USD 5 million per incident.
“This year, more than ever, CISOs say they play a much more proactive role in minimizing exposure to attacks, through consolidation and information, as well as investment in critical technologies, cyber defense, and isolation of vulnerabilities, but the war is far from being won,” said Steve Martino, senior vice president and cybersecurity director at Cisco. “Security leaders strive to gain greater visibility across the organization, but also on threats. You cannot protect what you cannot see. Cisco is committed to helping organizations respond to these challenges and deploy new techniques and technologies to stay one step ahead of malicious actors and security threats.”
- Continued supplier consolidation trend: in 2017, 54 percent of respondents said they had up to 10 suppliers within the organization. Now this percentage has risen to 63 percent.
o In many environments, solutions from multiple vendors are not integrated and therefore do not share or prioritize alerts. According to the study, even those CISOs with fewer point solutions could better manage alerts through a global approach to architecture.
- The most collaborative teams lose the least money:
o 95 percent of cyber security professionals reported that their networking and security teams were very or highly collaborative.
o 59 percent of those who said their networking and security teams were very or highly collaborative also said that the financial impact of their most serious cyber security breach was under USD 100,000, the lowest breach-cost category in the study.
- There is greater confidence in cloud security.
o 93 percent of CISOs reported that cloud migration has increased the efficiency and effectiveness of their teams.
o The perception that cloud infrastructure is difficult to protect has fallen: 52 percent in 2019, compared with 55 percent in 2017.
- The use of risk assessment and risk indicators at the company level, partly driven by cyber insurance purchases, plays an increasingly important role in technology selection and helps CISOs focus on operational practices. 40 percent of respondents use cyber insurance, at least in part, to set their budgets.
- “Cyber fatigue”, defined as giving up on staying one step ahead of cyber threats and their actors, has fallen from 46 percent in 2018 to 30 percent in 2019.
Challenges and opportunities for CISOs:
- Properly used artificial intelligence (AI) and machine learning (ML) are essential for the initial stages of prioritizing and managing alerts. However, dependence on these technologies has fallen, as respondents may perceive the tools as being still in their early stages or unprepared for increased attention:
o ML dependence decreased to 67 percent in 2019, compared with 77 percent in 2018.
o AI dependence dropped to 66 percent, compared with 74 percent in 2018.
o Automation is down to 75 percent, compared with 83 percent in 2018.
- Employees / users continue to be one of the greatest security challenges for many CISOs – it is essential to have an organizational process that begins with security awareness from day one.
o Only 51 percent rate themselves as doing a great job of managing employee security through comprehensive onboarding programs and well-defined processes for when employees transfer or leave the company.
- Email remains the number one threat vector.
o Phishing and risky user behavior (for example, clicking on malicious links in emails or websites) remain at high levels and are the primary concern for CISOs. The perception of this risk has remained constant over the past three years, at 56 to 57 percent of respondents.
- Managing and remediating alerts remains a challenge. The reduction in remediated legitimate alerts, from 50.5 percent in 2018 to 42.7 percent this year, is worrying, as many respondents consider remediation to be a key indicator of security effectiveness.
o Security metrics are changing. The number of respondents using average detection time as an indicator of security effectiveness decreased from 61 percent in 2018 to 51 percent in 2019. Update time as an indicator also fell, from 57 percent in 2018 to 40 percent in 2019. Remediation time, as a success indicator, has increased: 48 percent of respondents mentioned it, compared with 30 percent in 2018.
Recommendations for CISOs:
- Base security budgeting on measured security results, with practical strategies tied to cyber insurance and risk assessments to guide your purchasing, strategy and management decisions.
- There are proven processes that organizations can use to reduce exposure to threats and the extent of security breaches. Run simulations, use rigorous investigative methods, and know which remedies are the most effective.
- The only way to understand the security needs of an organization is to collaborate between departments – between IT, Networking, Security and Risk / Compliance.
- Orchestrate incident response across disparate tools to move from detection to response faster and with less manual coordination.
- Combine threat detection with access protection to respond to internal threats and align with a program like Zero Trust.
- Address the number one threat vector with phishing training, multi-factor authentication, advanced spam filtering, and DMARC (Domain-based Message Authentication, Reporting and Conformance, an email validation system designed to detect and prevent the use of false addresses for phishing) to defend against business email compromise.