We are in the midst of a paradigm shift in which the majority of companies are slowly but surely embracing cloud computing and cloud app platforms. Cisco’s CISO Benchmark Study 2019 is a global survey covering 18 countries and 3,200 participants, the majority of whom are leaders in the IT field, across many industries from SMEs to multinational corporations. The newest edition highlights how companies are adapting to and adopting cloud technology at more aggressive levels than in any prior year. However, this comes with a certain level of required caution, especially in the aspect of cybersecurity. The 2019 benchmark, themed “Ready for the unknowns”, focuses on determining how to improve cybersecurity while keeping full steam ahead with the growing acceptance of cloud systems.
“Ninety-three percent of CISOs reported that migrating to the cloud increased efficiency and effectiveness for their teams. The survey showed the use of risk assessments and risk metrics that span across the business, in part due to cyber insurance, playing a more important role in technology selection and helping CISOs focus on their operational practices. Forty percent of respondents are using cyber insurance, at least in part, to set their budgets,” explained Steve Martino, Cisco’s Senior Vice President and Chief Information Security Officer.
The biggest revelation in the survey is the admission from many respondents that their firms lack an adequate notification system that can alert them if there is trouble in their IT infrastructure. Of all the alerts received, 24.1% are actually valid, which means that the configuration used is very sensitive, to the point that a non-problem event is flagged as a problem worthy of an alert. Though this statistic is counterproductive, the good news is that the number has steadily declined compared to last year, when the survey showed that 34% of alerts were legitimate and required quick attention and resolution.
The best way to assure security is to lessen the cost of a breach. How can companies do that? Through readiness planning: anticipating the possibility of cyber attacks before they happen, through penetration testing and ethical hacking. The survey shows this is a success story, as 50% of the respondents said that they were able to lower the cost of a breach below $500,000.
The key ingredient in hardening the IT infrastructure and software stack of an organization is to lessen complexity. One technique is to consolidate functions, so that less hardware from various vendors needs to be purchased and maintained by the company for its day-to-day operations. Complexity is the natural enemy of security: a complex system with many moving parts will always be harder to secure than a system with fewer parts.
“Vendor consolidation is on the rise. In 2019, 63% of respondents had 10 or fewer vendors in their environment (up 9% from last year), leading to fewer alert orchestration challenges. By integrating security and trust across the network, cloud, internet, email and endpoints, Cisco is proud to provide a cohesive set of solutions to comprehensively help security professionals detect and protect their entire enterprise,” added Martino.