Today’s cybercriminals are more relentless and sophisticated than ever before. And defending against them is more complicated than ever, especially in a post-COVID world in which hybrid work has scattered workers, devices, and endpoints far beyond the traditional definitions of a firewall.
So, how prepared are organizations for this new reality?
To find out, Cisco’s 2023 Cybersecurity Readiness Index surveyed 6,700 security workers and leaders in 18 industries globally. They were asked to assess their readiness within 19 solutions across five core pillars of cybersecurity protection: identity, devices, network, application workloads, and data.
From there, the readiness of organizations was slotted into four states:
- Beginner — Organizations at the start of the cybersecurity readiness journey.
- Formative — Performing below average on cybersecurity readiness.
- Progressive — Organizations that are above average in readiness.
- Mature — high performers with a mature and robust cybersecurity strategy. Progressive, those performing above average in readiness.
When viewed across the five core pillars of cybersecurity protection, some initial findings reveal much about the current state of cybersecurity readiness — both the progress and the shortfalls.
Identity Management solutions are a critical first line of defense that enable companies to verify anyone accessing the network. So, it’s no surprise that 24 percent of all respondents ranked Identity Management as the No. 1 risk for cyberattacks, while a full 95 percent have implemented some form of identity management solution. The most popular of these are Integrated Identity and Access Management, which have been implemented by two-thirds. However, more progress needs to be made. Only one in five organizations (20 percent) fall into the Mature category, with a similar number (21 percent) in the Progressive segment. Close to two in three organizations fall into the Formative (38 percent) or Beginner (20 percent) category,
Today, IT and security teams contend with a dizzying array of devices, from the laptops and mobile devices of far-flung workers to many sensors, cameras, and smart machines of IOT. All need to be protected. And in some critical areas, progress is being made. In this pillar, 31 percent of organizations fall into the Mature category, the highest percentage in Cisco’s study, with another 13 percent in the Progressive stage. At the other end of the spectrum, however, more than half (56 percent) fall into either the Formative or Beginner stages, at 28 percent each. With the continuing explosion of connected devices — and the willingness of cybercriminals to exploit them — these vulnerabilities will need to be addressed further.
People, devices, data, and applications all move across the network. So, the network should be the foundation of any security strategy, especially in hybrid work environments that demand new levels of flexibility for employees working far from the office of corporate HQ. Respondents recognize the importance of network security, but their efforts are lagging. More than half (56 percent) are either in the Formative or Beginner stages, while 19 percent are considered Mature.
Today, apps pretty much are the business. And downtime from a breach can create deep damage to productivity, brand equity, and customer loyalty. In Cisco’s survey, the biggest drag on the overall readiness score for companies is Application Workloads. Only about 12 percent of companies are in the Mature stage in this pillar, the lowest across the five pillars, while 65 percent are in the Formative or Beginner stage. Budget is one reason, as only a third have managed to allocate the necessary funds.
Today’s economy depends on data as never before. Protecting it — and your customers’ privacy — is increasingly both a business and regularly imperative. Given the critical nature of data protection, it’s no surprise that high percentage of our respondents fell into either the Mature or Progressive categories. Together, they combined for 50 percent explains why the Mature and Progressive categories, which exceeded others such as device protection. However, another 22 percent remain in the Beginner stage — the second highest across the five key areas.
Beginners to Mature: Speedbumps on the road to security resilience
As Cisco’s survey reveals, despite clear progress, too many companies are lagging in critical areas of cybersecurity. From Cisco’s perspective, an overall strategy of security resilience is essential.
Today, so much depends on data, apps, devices. These must be secured, and they must remain resilient. Resilience is about verifying threats, understanding connections across your organization, and seeing the full context of any situation so you can prioritize and ensure your next action is the best one.
Here are Cisco’s five dimensions to security resilience:
- Close the gaps in your system so you have one, open platform
- See more and always be monitoring
- Anticipate what is next using actionable intelligence
- Prioritize what matters most
- Automate your response so you can bounce back fast. In the end, everyone deserves to be secure, regardless of their economic status or region.
So, cybersecurity readiness — and resilience — must be a priority for all organizations and governments. And, as Cisco’s Cybersecurity Readiness Index affirms, deployment of effective, readily available solutions needs to be accelerated at all levels.