Security confidence may be a thing of the past, according to a report released by Cisco.
The vendor’s 2016 Annual Security Report showed only 45 per cent of organisations worldwide were confident with their security posture in the face of the modern threat landscape.
The study found 92 per cent of executives felt regulators and investors would expect companies to manage cybersecurity risk exposure. Cisco said these leaders were increasing measures to secure their organisations as operations become more digitised.
Cisco chief security and trust officer, John Stewart, described security as resilience by design, privacy in mind, and trust transparently seen.
“With IoT and digitisation taking hold in every business, technology capability must be built, bought, and operated with each of these elements in mind. We cannot create more technical debt. Instead, we must meet the challenge head on today,” he added.
The report also noted cybercriminals were increasingly tapping into legitimate resources to launch effective campaigns for profit-gain and that ransomware alone was worth $US34 million to nefarious actors in 2015.
Cisco said the biggest security risk to business was ageing infrastructure, outdated organisational structure and practices.
Some of the key findings from the report include:
Decreasing confidence, increasing transparency
Less than half of businesses surveyed were confident in their ability to determine the scope of a network compromise and to remediate damage. However, the majority of finance and line-of-business executives agreed that regulators and investors expect companies to provide greater transparency on future cyber security risk. Cisco said this points to security as a growing boardroom concern.
Between 2014 and 2015, the number of organisations that claimed their security infrastructure was up-to-date dropped by 10 per cent. The survey discovered that 92 per cent of Internet devices were running known vulnerabilities. Thirty-one percent of all devices analysed are no longer supported or maintained by the vendor.
SMBs as a potential weak link
Cisco said as more enterprises look closely at supply chains and small business partnerships, they are finding that these organisations use fewer threat defense tools and processes. For example, from 2014 to 2015 the number of SMBs that used Web security dropped more than 10 per cent. This indicates potential risk to enterprises due to structural weaknesses.
Outsourcing on the rise
As part of a trend to address the talent shortage, enterprises of all sizes are realising the value of outsourcing services to balance their security portfolios. This includes consulting, security auditing and incident response. SMBs, which often lack resources for an effective security posture, are improving their security approach, in part, by outsourcing, which is up to 23 per cent in 2015 over 14 per cent the previous year.