Cisco Eyes Most Impactful Security Practices
December 3, 2020
2021 Security Outcomes Study, offering
actionable insights for practitioners deciding where to focus their efforts in
the year ahead. The double-blind, independently analyzed survey of 4,800
security, IT and privacy professionals across 25 countries pulls back the
curtain on what specific practices foster greater security. The results offer
security teams a blueprint for success beyond managing risk, but also enabling
the business and operating efficiently.
The survey revealed that change is a primary factor in cybersecurity success. On
average, programs that include a proactive, best-of-breed tech refresh strategy
are 12.7% more likely to report overall security success – the highest of any
practice. Unfortunately, not all organizations have the budget or expertise to
make this happen, also known as the “Security Bottom Line.” A strategy to
migrate to cloud and SaaS security solutions can help close this gap.
Subscription-based solutions are affordable, easy to deploy and integrate, while
automatic updates ensure the technology is continually modernized without
additional cost or effort.
Other key findings from the report include:
well-integrated technology stack is the second most important factor for
cybersecurity success. It has a positive impact on nearly every outcome
evaluated, increasing the probability of overall success by an average of 10.5%.
Interestingly, integrations also benefit the recruitment and retention of
talent, as security teams want to work with the best technology and avoid
Integration is also the most significant
factor in establishing a security culture that the entire organization embraces.
Instead of traditional security training programs, which did not correlate with
positive culture, invest in technology that is flexible and frictionless.
As a standalone practice, simply knowing
potential cyber risks appears to correlate the least with overall success. This
seems surprising, but points to the importance of a comprehensive threat
intelligence and incident management program with the ability to both mitigate
and remediate. In fact, practices such as timely incident response and accurate
threat detection correlate much more strongly with overall security success.
“Security practitioners need to make fast,
informed decisions. Yet they are often armed with dozens of tools from multiple
vendors, requiring a fair amount of duct tape to get them to work together. This
creates complexity, cost, and overhead,” said Mike Hanley, Chief Information
Security Officer at Cisco. “Cisco’s 2021 Security Outcomes Study helps teams
prioritize practices that not only secure the business, but also play a
significant role in enabling its growth and success. Even in the face of an
ever-changing threat landscape and shrinking budgets, successful security
outcomes are possible.”