Cisco: Why some cybersecurity steps are more impactful
With the shift to hybrid work, organisations are grappling with the increased complexity of securing a distributed workforce, and simultaneously dealing with limited staff and budgets.
That’s why it’s more critical than ever for organisations to invest in innovative technologies and security practices, says Shailaja Shankar, SVP and GM of Cisco’s Security Business Group.
But what practices and measures are most impactful?
Cisco’s latest report pinpoints priorities
Cisco’s latest cybersecurity report, Security Outcomes Study, Volume 2 – a follow-up to last year’s report, which outlined five key practices to implement – identifies the measures teams can take to defend their organisations against an ever-evolving threat landscape, helping them take the guesswork out of prioritising security strategies and technologies.
The report surveyed more than 5,100 security and privacy professionals across 27 markets with respondents sharing their approaches to updating and integrating their security architecture, detecting and responding to threats and staying resilient when disaster strikes.
Last year’s study revealed that five practices had an outsized influence on the overall health of an organisation’s security program. These include:
- proactively refreshing outdated technology
- well-integrated security technologies
- timely incident response
- prompt disaster recovery
- investing in accurate threat detection capabilities
This year’s study analysed these top five practices more closely to identify success factors. So, what are the findings?
Updating and integrating architecture
Investment in a proactive technology refresh is more important than ever
Not only does investment in a proactive technology refresh strategy contribute more to a successful cybersecurity program than any other practice, but recent research suggests it is more important than ever: on average, 39% of the security technologies used by organisations are considered outdated. Unsurprisingly, organisations with cloud-based architectures are more than twice as likely to refresh regularly as those running more outdated, on-premises technologies.
Integration of technologies delivers high levels of automation
Organisations with well-integrated security technologies that work effectively with broader IT infrastructure have been found to be seven times more likely to achieve high levels of process automation. Also, these organisations boast more than 40% stronger threat detection capabilities. “We know that modern, well-integrated IT contributes to overall program success,” says Helen Patton, Advisory CISO, Cisco, who recommends looking “for cloud-based security solutions, investigating automation opportunities, and ensuring purchasing requirements include tech integration capabilities”.
Automation doubles performance of less experienced staff
More than 75% of security operations programs that do not have strong staffing resources are still able to achieve robust capabilities through high levels of automation. Automation more than doubles the performance of less experienced staff, supporting organisations through skills and labour shortages. According to Steve Erzberger, CTO, Frankfurter Bankgesellschaft AG, “automation allows our engineers to react to emerging threats in a timely manner. We can now focus on getting the security concepts right instead of continually updating the rules and monitoring the network 24/7.”
Detecting and responding to threats
Value of cloud-based security architectures cannot be overstated
Organisations that claim to have mature implementations of Zero Trust or Secure Access Service Edge (SASE) architectures are 35% more likely to report strong security operations than those with nascent implementations.
Best-skilled people over headcount
Organisations with large security teams are significantly more likely to achieve strong detection and response capabilities than those with skeleton crews. But headcount alone won’t make all your SecOps headaches go away or guarantee success. Wendy Nather, Advisory CISO at Cisco, recommends choosing “the best-skilled people for your SecOps teams, because that matters more than just the number of headcount”.
Threat intelligence use is key
Organisations that make extensive use of threat intelligence are nearly twice as likely to report strong detection and response capabilities compared to those with lower usage.
Conducting regular testing activities matters
The recurring activities that can improve threat detection and response programs include: testing and updating detection rules and use cases; proactively hunting for signs of malicious activity; and engaging in red and/or purple team exercises. Organisations that conduct these on at least a weekly basis see a roughly 30% lift in performance compared to those that do them annually or less often.
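As an added illustration of the first of those activities, "testing and updating detection rules", the following Python script is an example written for this page, not code from Cisco or from the study. It assumes a simple sshd-style log format and uses constructed sample lines; the brute-force rule (five failed logins from one source within 60 seconds) and the helper names are assumptions for the example. The regression check shows why periodic testing matters: a change in log format silently stops the rule from firing, and only a test with known-positive input catches that.

```python
"""Regression-test a detection rule against constructed sample logs.

Added example (not from the Cisco report). Log format, thresholds and
all sample data are assumptions made for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data). One source floods five
# failures in seven seconds; another has two failures 25 minutes apart.
SAMPLE_LOGS = """\
2024-03-01T10:00:01Z sshd: Failed password for root from 203.0.113.7 port 51122
2024-03-01T10:00:03Z sshd: Failed password for admin from 203.0.113.7 port 51123
2024-03-01T10:00:05Z sshd: Failed password for root from 203.0.113.7 port 51124
2024-03-01T10:00:06Z sshd: Failed password for test from 203.0.113.7 port 51125
2024-03-01T10:00:08Z sshd: Failed password for root from 203.0.113.7 port 51126
2024-03-01T10:00:09Z sshd: Accepted password for alice from 198.51.100.4 port 40000
2024-03-01T10:05:00Z sshd: Failed password for bob from 198.51.100.9 port 40100
2024-03-01T10:30:00Z sshd: Failed password for bob from 198.51.100.9 port 40101
"""

# Constructed "drifted" logs: same attack, but the logger now emits
# "invalid user <name>" for unknown accounts, which the parser below
# does not expect. A weekly regression run would expose this blind spot.
DRIFTED_LOGS = SAMPLE_LOGS.replace("for root from", "for invalid user root from")

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: Failed password for (?P<user>\S+) from (?P<src>\S+) port \d+$"
)


def parse_failed_logins(text):
    """Yield (timestamp, user, source) for each failed-login line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["user"], m["src"]


def brute_force_rule(events, threshold=5, window=timedelta(seconds=60)):
    """Detection rule: at least `threshold` failures from one source inside a
    sliding `window`. Returns a sorted list of (source, first_ts, count),
    at most one alert per source."""
    by_src = defaultdict(list)
    for ts, _user, src in events:
        by_src[src].append(ts)
    alerts = []
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            # Slide the window start forward until it fits within `window`.
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append((src, times[start], end - start + 1))
                break
    return sorted(alerts)


def run_rule_regression(log_text, expected_sources):
    """Return True iff the rule fires on exactly the expected sources.

    Run this on a schedule with known-positive and known-negative samples;
    a False result means the rule or its parser needs updating."""
    fired = {src for src, _, _ in brute_force_rule(parse_failed_logins(log_text))}
    return fired == set(expected_sources)


if __name__ == "__main__":
    print(brute_force_rule(parse_failed_logins(SAMPLE_LOGS)))
    print("baseline passes:", run_rule_regression(SAMPLE_LOGS, {"203.0.113.7"}))
    print("drifted passes:", run_rule_regression(DRIFTED_LOGS, {"203.0.113.7"}))
```

Running the script shows the rule firing once on the flooding source, the baseline regression passing, and the same check failing on the drifted logs: the attack is still there, but the parser no longer recognises the lines. That failing check is the signal to update the rule, which is the point of testing it weekly rather than annually.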
Staying resilient when disaster strikes
Testing disaster recovery capabilities regularly is vital
As the threat landscape continues to evolve, testing business continuity and disaster recovery (BCDR) capabilities regularly and in multiple ways is paramount: proactive organisations are 2.5 times more likely to maintain business resiliency. There are many different ways of testing BCDR capabilities, among them plan walkthroughs, tabletop exercises, live testing, parallel testing and full production testing.
Board-level oversight critical
Organisations perform best when business continuity and disaster recovery efforts have board-level oversight and their day-to-day operations sit within the cybersecurity team. If your organisation is struggling to improve disaster recovery capabilities, it may therefore make sense to build them top-down rather than bottom-up.