{"id":88575,"date":"2023-03-24T21:19:39","date_gmt":"2023-03-24T21:19:39","guid":{"rendered":"https:\/\/www.techrepublic.com\/?p=4054825"},"modified":"2023-03-24T21:19:39","modified_gmt":"2023-03-24T21:19:39","slug":"even-after-armed-with-defense-tools-cisos-say-successful-cyberattacks-are-inevitable-new-study","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=88575","title":{"rendered":"Even after armed with defense tools, CISOs say successful cyberattacks are \u2018inevitable\u2019: New study"},"content":{"rendered":"<figure id=\"attachment_4054832\" aria-describedby=\"caption-attachment-4054832\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"size-article wp-image-4054832\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2023\/03\/even-after-armed-with-defense-tools-cisos-say-successful-cyberattacks-are-inevitable-new-study.jpg\" alt=\"A lock in a room full of interlocking tiles has been unlocked.\" width=\"770\" height=\"502\"><figcaption id=\"caption-attachment-4054832\" class=\"wp-caption-text\">Image: CROCOTHERY\/Adobe Stock<\/figcaption><\/figure>\n<p>In Cisco\u2019s new <a href=\"https:\/\/www.cisco.com\/c\/dam\/m\/en_us\/products\/security\/cybersecurity-reports\/cybersecurity-readiness-index\/2023\/cybersecurity-readiness-index-report.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">Cybersecurity Readiness Index<\/a>, only 15% of respondents to the global survey said their organizations have implemented security programs mature enough to defend against current cybersecurity risks.<\/p>\n<p>While most enterprises have some collection of cybersecurity measures deployed, a full 82% of the 6,700 chief information security officers and other cybersecurity leaders in the 27 global markets Cisco examined, said they expect to be successfully <a href=\"https:\/\/www.techrepublic.com\/article\/leaders-batten-hatches-ransomware-storm\/\">attacked<\/a> in coming months.<\/p>\n<p>Some quick takeaways from the study:<\/p>\n<ul>\n<li>60% of respondents reported a cybersecurity incident in the last 12 months.<\/li>\n<li>71% said these incidents cost them, on average, $100,000.<\/li>\n<li>41% said these incidents cost them $500,000 and more.<\/li>\n<\/ul>\n<h2>Cybersecurity as platform, not collection of individual solutions<\/h2>\n<p>Tom Gillis, senior vice president for Cisco Security, said enterprises are in the midst of a strategic shift away from security through collections of individual software security tools and cloud solutions for securing assets. Rather, he asserted, they are adopting broad coverage across vulnerabilities from single vendors integrated under one platform \u2014 an integrated suite of solutions versus an a la carte approach.<\/p>\n<p><strong>SEE<\/strong>: Why <a href=\"https:\/\/www.techrepublic.com\/article\/cloud-security-tools-trees-problem\/\">more is not necessarily better<\/a> when it comes to security solutions<\/p>\n<p>\u201cFor decades, new problems in security have arisen and small companies come up with innovative solutions to address these. But buying individual best-in-breed solutions from new vendors puts the burden on the customer to ingest all of these solutions and integrate them,\u201d Gillis said.<\/p>\n<p>\u201cIf you talk to a mature IT organization, they can easily have 150 security tools,\u201d he added. \u201cAre you really getting your value out of that?\u201d<\/p>\n<p>He said only 40% of security features are used continuously, while the rest are \u201cin the single digits.\u201d<\/p>\n<p>Cisco\u2019s study shows that 85% of security leaders plan to increase their cybersecurity budget by at least 10% over the next 12 months \u2014 but not on a piecemeal collection of tools.<\/p>\n<p>\u201cThe majority of people have been spending money on security solutions for decades and putting very good technologies and innovative solutions to work,\u201d said Gillis. \u201cBut if you ask them if we are winning or losing, most say we are definitely not winning.\u201d<\/p>\n<p><strong>SEE<\/strong>: Business email <a href=\"https:\/\/www.techrepublic.com\/article\/business-email-compromises-double-overtake-ransomware\/\">attacks<\/a> went way up last year.<\/p>\n<h2>Protecting identity, devices, networks, applications and data<\/h2>\n<p>Cisco based the index on respondents\u2019 perception of their organization\u2019s security stance around identity, devices, network, application workloads and data, and the extent to which their organizations have solutions in place for each of these. Based on responses detailing how far along their organizations were in achieving security goals, they placed organizations into four security-phase categories: beginner, formative, progressive and mature.<\/p>\n<p>The largest proportion of companies, 47%, reported they are in the formative state of security systems deployment. Thirty percent said they were in the more advanced progressive state. Eight percent characterized themselves as \u201cbeginners,\u201d and 15% \u201cmature.\u201d<\/p>\n<h2>Where organizations see themselves in 5 key areas<\/h2>\n<h3>Identity management<\/h3>\n<p>A quarter of all respondents ranked Identity Management (IDM) as the No. 1 risk for cyberattacks. Ninety-five percent said they had implemented some kind of identity management solution, with identity access management the most popular. Two-thirds said they have deployed IAM solutions.<\/p>\n<aside class=\"pinbox right\">\n<h3 class=\"heading\">Must-read security coverage<\/h3>\n<\/aside>\n<p>Of those who have not yet rolled out identity solutions, 69% said they have no intention to do so. For those that do intend to roll out identity solutions, most said it would take from between one to five years to do so.<\/p>\n<p>Gillis explained that it is not remarkable that organizations require a comparatively long stretch of time to deploy identity management solutions.<\/p>\n<p>\u201cFor example, legacy systems need to be tested, and sometimes upgraded in order to ensure that they will work with the new IDM solution,\u201d he said. \u201cOrganizations rolling out completely new features will often take their time to test these systems. Those upgrading their existing IDM to something more robust will take less time to do so. It would be nice if things like IDM could be slapped in and switched on, but security is never that simple.\u201d<\/p>\n<h3>Protecting devices<\/h3>\n<p>Cisco said three-quarters of respondents reported their organizations use enhanced antivirus solutions for device protection. Sixty-five percent said they deploy host controls, which allow a computer to communicate and process information between itself and the device or the network to protect the computer\u2019s operating system. Fifty-six percent of companies said they are either at the very start of their journey or only a short way down the path.<\/p>\n<h3>Protecting networks<\/h3>\n<p>In Cisco\u2019s survey:<\/p>\n<ul>\n<li>69% of respondents said their organizations use firewalls with built-in intrusion prevention systems.<\/li>\n<li>61% reported deploying network segmentation policies based on identity ranking.<\/li>\n<li>60% said they use network behavior anomaly detection tools.<\/li>\n<li>31% mentioned that they protect their networks with packet capture and sensor tools.<\/li>\n<\/ul>\n<p>But, according to the report, the scale of deployment is not keeping pace with attacks.<\/p>\n<p>Among companies that have adopted firewalls with built-in intrusion protection, only 56% have fully deployed them and only 64% of companies have fully deployed network segmentation policies.<\/p>\n<p>Among the companies that are still deploying network security solutions, 50% said they are planning to roll them out within the next 12 months.<\/p>\n<p>\u201cSome will roll out faster than others, but when you factor in budgeting, test deployments, additional testing, and additional rollout, that can take time; but getting things right from the beginning is worth it, and that is especially true for security. It should always be baked in, not bolted on, so that means starting from the ground and working up,\u201d said Gillis.<\/p>\n<h3>Securing application workloads<\/h3>\n<p>Cisco\u2019s study also reported that demand for low latency, always-on remote experiences is driving companies to accelerate the pace of digital application adoption. Almost all respondents to Cisco\u2019s survey said they have deployed security solutions for applications:<\/p>\n<ul>\n<li>66% of respondents said they use a host software firewalls, with 67% of these having fully deployed them.<\/li>\n<li>64% said they use endpoint protection.<\/li>\n<li>55% said they use application-centric protection tools.<\/li>\n<li>34% deploy data loss prevention software.<\/li>\n<\/ul>\n<h3>Protecting data<\/h3>\n<p><a href=\"https:\/\/www.techrepublic.com\/article\/crowdstrike-attackers-cloud-exploits-data-theft\/\">Data theft<\/a> is on the rise, but respondents to Cisco\u2019s study say they are covered, with most saying they deploy data encryption and data caching technologies. Also:<\/p>\n<ul>\n<li>55% of executives said they use identification and classification with data leak protection<\/li>\n<li>41% said they deploy host IPS and protection tools.<\/li>\n<li>However, 94% have either fully or partially deployed encryption tools.<\/li>\n<\/ul>\n<h2>Companies in Brazil, Pacific Rim report readiness to deal with security<\/h2>\n<p>In the Americas, Brazil stood out as the country where companies are most ready to tackle today\u2019s security challenges, with 26% of companies self-reporting that they are in a mature stage of preparedness.<\/p>\n<p>Meanwhile, companies in Canada (9% in mature stage), the U.S. (13% in mature stage) and Mexico (12% in mature stage) demonstrate low levels of readiness compared to the global average.<\/p>\n<p>In Asia-Pacific, organizations in Indonesia (39% in mature stage), the Philippines, and Thailand (27% each in mature stage), top the chart both regionally and globally. On the other hand, companies in richer countries like Japan (5% in mature stage) and South Korea (7% in mature stage) are at the bottom in security preparedness.<\/p>\n<p><strong>SEE: Beware the perils lurking in the <\/strong><a href=\"https:\/\/www.techrepublic.com\/article\/shadowit-leaves-security-grappling-low-visibility\/\"><strong>IT assets<\/strong><\/a> <strong>you don\u2019t see (TechRepublic)<\/strong><\/p>\n<p>Gillis said it\u2019s important to note that companies self-reported for the study and that the variance points to the key issue with mature security frameworks: companies in some South American or South Asian nations, for example, are young, started building out platforms more recently, and therefore are better positioned to deploy security solutions across their assets and infrastructure.<\/p>\n<p>The study found that in Europe, in contrast, less than 10% of companies are deemed mature enough to tackle today\u2019s cybersecurity issues. The UK and Germany are two exceptions, with 17% and 11% companies in a mature state of readiness respectively.<\/p>\n<p>Mid-sized companies most prepared for cyberattacks<\/p>\n<p>The Cisco Index reported that mid-sized firms of between 250 and 1,000 employees are best prepared, with over 19% of such firms reporting they are at a mature stage of overall readiness compared to 17% of larger businesses with 1,000 or more employees.<\/p>\n<p>The study said smaller organizations, those that fall below what it calls the \u201csecurity poverty line\u201d are the least well-prepared, with just 10% being mature in their readiness. The Cisco Index also noted that these smaller enterprises, which often serve as vendors to larger organizations, are therefore a <em>de facto<\/em> target for lateral attacks on their much larger clients, which otherwise have strong security practices in place.<\/p>\n<p> <!-- default newsletter at the end --> <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Image: CROCOTHERY\/Adobe Stock In Cisco\u2019s new Cybersecurity Readiness Index, only 15% of respondents to the global survey said their organizations have implemented security programs mature enough to defend against current cybersecurity risks. While most enterprises have some collection of cybersecurity measures deployed, a full 82% of the 6,700 chief information security officers and other cybersecurity [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":88576,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29,40,783,56,287,27],"tags":[],"class_list":["post-88575","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cisco","category-cloud","category-cloudsync","category-cybersecurity","category-security","category-software"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/88575","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=88575"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/88575\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/88576"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=88575"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=88575"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=88575"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}