Content, Content

Cisco Research: Five Key Drivers for Cybersecurity Program Success

Nearly 40 percent of security technologies, on average, used by organizations are outdated, according to a recently released Cisco study on best practices to detect threats and ensure business resiliency.

By comparison, organizations with cloud-based architectures are more than twice as likely to refresh than those with more outdated, on-premises technologies, Cisco said in a follow up volume to the vendor’s initial 2020 Security Outcomes Study. That body of work surveying some 4,800 IT security professionals yielded the five best practices that superseded all others in shaping an organization’s cyber hygiene.

Cisco 2021 Security Outcomes Study: Five Secrets to Risk Mitigation

The 2021 update -- essentially, the second volume -- surveys some 5,100 security and privacy professionals. The report points to these five cybersecurity success factors for partners and customers:

  1. proactively refreshing outdated technology;
  2. well-integrated security technologies;
  3. timely incident response;
  4. prompt disaster recovery; and
  5. investing in accurate threat detection capabilities.

For MSSPs, the report is a timely reminder to audit customers' existing cyber tools and posture, and then roll out more modern approaches to further mitigate customer risk.

Cisco 2021 Security Outcomes Study: Key Takeaways

Highlights of Volume 2's findings include:

1. On updating and integrating architecture.

  • Organizations with integrated technologies are seven times more likely to achieve high levels of process automation. These organizations have more than 40 percent stronger threat detection capabilities.
  • More than 75 percent of security operations programs that do not have strong staffing resources are still able to achieve robust capabilities through high levels of automation.
  • Automation more than doubles the performance of less experienced staff, supporting organizations through skills and labor shortages.

2. On detecting and responding to threats.

  • Organizations that claim to have mature implementations of Zero Trust or Secure Access Service Edge architectures are 35 percent more likely to report strong security operations than those with evolving implementations.
  • Organizations that leverage threat intelligence move twice as fast to repair damage caused by security threats than organizations that do not use threat intelligence.

3. On staying resilient when disaster strikes.

  • Organizations that regularly test business continuity and disaster recovery capabilities and in multiple ways are 2.5 times more likely to maintain business resiliency.
  • Organizations perform best with board-level oversight of business continuity and disaster recovery efforts that have operations residing within cybersecurity teams.

"With the shift to hybrid work, organizations are grappling with the increased complexity of securing a distributed workforce,” said Shailaja Shankar, Cisco’s security business group senior vice president and general manager. “At the same time, they are also dealing with limited staff and budget constraints, so it’s critical for organizations to invest in innovative technologies and security practices.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.