A global survey of 5,123 active IT, security and privacy professionals conducted by YouGov on behalf of Cisco found well over a third of organizations (39%) are relying on what they consider to be outdated security technologies.
Overall, the survey found organizations that upgrade IT and security technologies quarterly are about 30% more likely to excel at keeping up with the business than those that upgrade only every few years. The survey also suggested that security operations teams that integrate people, processes and platforms see a 3.5X performance boost over rivals. Automation also more than doubles the performance of less experienced people, the survey suggested.
Wendy Nather, head of advisory chief information security officers (CISOs) for Cisco Duo, a multifactor authentication platform, said the survey makes it clear there is a clear benefit to relying on vendors such as Cisco or a managed service provider (MSP) that automates the update process. However, while outsourced detection and response teams are perceived to be superior, an internal security team is still faster in terms of mean-time-to-respond (MTTR) to a cybersecurity event (six days versus 13 days).
Not surprisingly, the survey also found organizations with integrated technologies are seven times more likely to achieve high levels of process automation. Organizations that claim to have mature implementations of zero-trust or secure access service edge (SASE) architectures are 35% more likely to report strong security operations. In addition, organizations that leverage threat intelligence achieve 50% faster mean-time-to-repair when recovering from a cybersecurity attack.
Finally, the survey found the probability of maintaining business resilience doesn’t improve until business continuity and disaster recovery capabilities cover at least 80% of critical systems and that organizations that regularly test their business continuity and disaster recovery capabilities in multiple ways are 2.5 times are more likely to maintain business resiliency. Organizations that make chaos engineering a standard practice are also twice as likely to achieve high levels of resiliency, according to the survey.
Nather said cybersecurity teams should also invest more in observability and threat intelligence tools. Many cybersecurity teams are overly confident in the level of security they have implemented only to discover that, once provided with access to metrics, that the amount of malware in their environment is much higher than they thought. Until that moment arrives, many organizations are suffering from cybersecurity ‘ignorance is bliss,’ she added.
Regardless of the current level of confidence in cybersecurity, Nater noted that the shift to remote work coupled with investments in digital business transformation initiatives will drive more organizations to revisit their cybersecurity strategies in 2022. Organizations will also need to reconsider their approach to cloud security given the number of misconfigurations that are made by DevOps teams using infrastructure-as-code (IaC) tools to provision infrastructure with little appreciation for DevSecOps best practices.
Ultimately, the issue organizations must come to terms with is that trying to protect legacy infrastructure is much harder than relying on either a cloud service or an as-a-service platform that is continuously updated by someone else. Unfortunately, not every organization can afford to rip and replace all their legacy infrastructure overnight.
Build, automate, and manage your infrastructure on the most popular cloud platform – AWS
