We have heard countless times that, during the COVID-19 pandemic, digital transformation has advanced three years in three months. It is difficult to actually measure this, but the feeling is definitely there. Activities with questionable results in the virtual environment, such as telemedicine and distance learning, which both suffered from socio-economic biases, became an integral part of our daily routine, with no contest. It was this or nothing.
This intensification of our digital life, with shopping, work, leisure, and several other activities that we were able to take into the networks, just shed more light on a confrontation that needs to be collective and global – the fight against cyber threats and crimes. This affected all levels of the cybersecurity landscape, and it has had a particularly broad impact for those in the C-Suite, specifically, the Chief Information Security Officer (CISO).
The history of human behavior has taught us that progress, especially when developed in times of crisis, tends to last, and digitization is the latest example to support this idea. It is also time to recognize that, sooner or later, one of the threats to this new realm will be able to overcome the numerous barriers that we have already raised. So, what is an already over-stressed CISO to do? To simply anticipate the worst, and seek solutions later is not the most strategic alternative in this time of expanding digital business.
Building a Cybersecurity Platform for the Future
The present moment shows us that we need different and innovative approaches to cybersecurity. But wait, this does not mean that, once again, it will be necessary to replace your entire base of equipment and systems. Cisco’s Security Outcomes Study points the way towards observing and actions that can be used to build the cybersecurity platform of the future.
The study is an analysis of the crossing of information collected in interviews with 4,800 cybersecurity executives from 25 countries. A step-by-step guide that generates positive results is available, so you may build strategies on globally implemented foundations.
A CISO’s job is not to serve merely as a figurehead, but to offer vision and a path forward. Instead of looking to the past, pointing out the threats of a period to indicate future trends, the study examines current practices, and the possible percentages of improved efficacy when adopting some of these suggestions. In other words, by recognizing that we cannot use old medicines to face current and future maladies, the study shows us that we also need to innovate in the approach to cybersecurity.
And, as this is not a one-off or isolated challenge, what could be better than using the global insights delivered by cybersecurity professionals to decide where to focus your efforts? Their insights about the most efficient practices, and ways to better manage risks, can enable your cybersecurity practice to operate more efficiently.
Practices with strong success Impact
- Technological update
- Technological integration
- Cybersecurity strategy
- Incident response time
- Metric performance program
- Clear responses to events
- Integration of IT and Cybersecurity teams
The research reveals, for example, that change is a major factor in the success of cybersecurity. On average, programs that include a proactive cutting-edge technology-upgrade strategy are 12.7% more likely to have security success – the highest rate of any practice. Unfortunately, not all organizations have the budget or experience to make this happen. A strategy to migrate to the cloud and SaaS solutions can help close that gap. Subscription solutions are affordable, easy to implement, and integrate, while automatic updates ensure that technology is continually modernized without additional cost or effort. The case for many strategic decisions at the C-Level is often won when cost-reductions are conscientiously coupled with organizational efficiencies. Stated another way, the successful CISO can show the other C-Suite colleagues that effective security need not be excessively costly.
Building a Positive Security Culture Using Integrations
Well-integrated technology is the second most important factor in the success of cybersecurity. It has a positive impact on almost all the results evaluated, increasing the probability of overall success by an average of 10.5%. Interestingly, integrations also benefit the recruitment and retention of talent, as security teams want to work with the best technology, and avoid burnout.
Integration is also the most significant factor in establishing a security culture that the entire organization embraces. Investment in flexible, frictionless technology, as opposed to traditional security awareness training programs, results in a more positive security culture. This is especially important, as the “tone at the top” can be one that is influenced by technology integration, rather than the old-fashioned, somewhat draconian methods of which we are all too familiar.
One of the most surprising findings in the report is that, as a stand-alone practice, simply knowing potential cyber risks seems to correlate less with overall success. It points to the importance of a comprehensive threat intelligence and incident management program with the ability to mitigate and remediate. In fact, practices such as rapid incident response and accurate threat detection correlate much strongly with overall security success.
We are rapidly approaching a global market of 50 billion connected devices, which leads us to understand that there will be at least 50 billion security holes. 5G is also coming, which will affect us in nearly unpredictable ways. For example, the Internet of Things (IoT) will grow to include the entire agricultural industry.
This whole scenario added to the fact that companies are moving up to 70% of their structures to cloud computing, which imposes a difficult challenge to overcome in isolation. In a completely different universe from what we have seen so far, this new analysis, based on the crossing of facts, strategies, and results, shows us that investing in barriers is still a good strategy. However, the more proactive defense is to identify more quickly what affects your organization, and, how and when to respond. The new “best practices” approach leads to keeping networks and IT systems up to date. It moves on to accurate detection, and timely response, and is crowned with building a positive security culture as a collateral result. The findings in the Security Outcomes Study can assist a CISO in managing rapidly shifting and emerging challenges by providing steps that are critical for the current, and future environments.
This blog was originally written by Chris Leach for Cisco Blogs.