By Tom Gillis, Cisco Senior Vice President and General Manager, Security Business Group
As an industry, we’re failing at cybersecurity…but more on that in a moment.
Cisco has released the 2023 Cybersecurity Readiness Index. This study was born of our desire to understand how prepared organizations around the world are to defend against modern security threats and challenges. We divided companies into four stages of readiness: Beginner, Formative, Progressive, and at the top, Mature.
“A mere 15% of organizations globally are deemed to have a mature level of preparedness…”2023 Cybersecurity Readiness Index
The rating methodology looks at companies based on five pillars: identity, devices, network, application workloads, and date. and 19 security solutions within those pillars. The results had significant and interesting variances based on geography, industry, and size of company. But, across the board, we’re simply not ready.
The question of attack is not if, it’s when.
82% of the security leaders surveyed believe they’ll experience a cybersecurity incident within the next 12 to 24 months. Put that number next to the 60% of respondents who said they’ve already had an incident in the last 12 months.
To try to respond or prepare for those incidents, businesses are investing in solutions that come from smaller companies – and that makes sense. Small cybersecurity companies can move faster to respond to developing threats and create threat-specific point products. But again, as an industry, we’re failing because this cure by a thousand band-aids shifts the burden of managing and maintaining cybersecurity onto the end-user.
Point solutions aren’t getting the job done.
Building out point products has been a strategy for a world where we thought we could block everything. That’s been the subtext of the cybersecurity industry for the past 30 years: put a wire fence around everything. Construct that fence from all kinds of different products. We’ll learn where the holes are, we’ll learn how to patch the weak spots. We’ll stop everything.
Threats no longer work that way (if they ever did). It’s an arms race where the bad actors are getting more sophisticated and developing better tools to get through the fence. We know it’s not going to be possible to stop everything – because a fence isn’t a good tool for stopping someone who, say, can convincingly impersonate a credentialed employee.
The only way we can mature cybersecurity readiness is to shift mentality away from strategies purely focused on stopping and start embracing strategies that find and isolate the bad actors that manage to get inside. We need to detect and respond to close those loops where it’s not the defense that’s weak, but an analysis of activity that is lacking.
Five pillars for evaluating readiness.
To achieve a mature state of cybersecurity readiness, businesses need to focus on integrating cybersecurity solutions across five core pillars: identity, devices, network, application workloads, and data. Each of these pillars plays a critical role in protecting businesses against modern cyber threats.
Identity solutions are essential for protecting user identities and access to applications and data. Device solutions are necessary to secure all devices used by employees, including laptops, smartphones, and tablets, regardless of location. Network solutions must be deployed to protect against network-based attacks, including those launched from the cloud. Application workload solutions are necessary to secure both on-premises and cloud-based applications that businesses use daily. Finally, data solutions are required to protect sensitive data and ensure that it is only accessed by authorized users.
By integrating a security platform across these five pillars, businesses can achieve a comprehensive and holistic approach to cybersecurity. This will enable them to detect and respond to threats more quickly and effectively, minimize damage in the event of a breach, and reduce the risk of future attacks.
Overall, businesses must prioritize cybersecurity readiness and take a comprehensive approach to cybersecurity readiness to achieve a necessary level of maturity, which will help safeguard against cyber threats and protect their critical assets.
Learn more about Cisco’s Cybersecurity Readiness Index.