Five Tools to Drive Cyber Success
It’s one of the frustrating aspects of security: the best evidence that security policies, procedures, and technologies are working properly is that nothing happens.
To help security quantify the value it brings to an organization, Cisco released its second Security Outcomes Study: Maximizing the Top Five Security Practices in December 2021. It contracted research firm YouGov to survey 5,100 IT and security professionals across 27 countries. YouGov examined 25 general security practices and tested to see how each correlated with the achievement of 11 program-level outcomes.
The analysis identified five drivers of cybersecurity program success:
- Proactive technology refresh. The organization has a proactive refresh strategy to keep technology up-to-date with IT and security tools available on the market.
- Well-integrated technology. The organization has effective technology that is well-integrated to work together.
- Timely incident response. The organization has incident response capabilities that are timely and enable effective investigation and remediation.
- Accurate threat detection. The organization has capabilities to provide accurate threat detection ahead of potential security events without major gaps.
- Prompt disaster recovery. The organization has the ability to recover in a way that minimizes impact and ensures business functions affected by security incidents are resilient.
“Investing in a proactive technology refresh strategy is more important than ever, as on average 39 percent of security technologies used by organizations are considered outdated,” according to a Cisco press release on the report. “Unsurprisingly, organizations with cloud-based architectures are more than twice as likely to refresh than those with more outdated, on-premises technologies.”
The report also found that organizations with mature implementations of Zero Trust or Secure Access Service Edge (SASE) architecture are “35 percent more likely to report strong security operations than those with nascent implementations.” Additionally, organizations that used threat intelligence were able to move twice as quickly to repair damage from security threats.
The report also dived into disaster recovery efforts, finding that organizations that were proactive were 2.5 times more likely to maintain their business resiliency when disaster struck. Cisco also noted that organizations with board-level oversight of business continuity and disaster recovery—with operations part of the cybersecurity team—performed the best.
“With the shift to hybrid work, organizations are grappling with the increased complexity of securing a distributed workforce,” said Shailaja Shankar, senior vice president and general manager of Cisco’s Security Business Group, in a statement. “At the same time, they are also dealing with limited staff and budget constraints, so it’s critical for organizations to invest in innovative technologies and security practices.”
To understand more about what those drivers are and what they mean for the security community, Security Management spoke with Helen Patton, an advisory CISO at Cisco Duo and former CISO for Ohio State University. The conversation has been lightly edited for clarity.
SM. This is the second version of this report. Share with me how it differs from the first version that came out in 2020.
Patton. The first version came out with a whole bunch of activities that were correlated positively with having good security programs. The industry hasn’t been around for a long time, so it’s hard to know if you’re doing the right thing. For the first time, we had data that gave insight into activities that leaders were taking that were leading to good, positive outcomes. This is where those top five items come from.
SM. When you read the report, what did you find particularly notable?
Patton. One thing that is notable is that to have a good security program it really means having strong partnerships with IT and the other parts of the business. Well-integrated tech is a good tech refresh program, but it’s often not the security team’s job to do a refresh—it’s the CIOs, etc. You’re dependent on your IT partners to do a good tech refresh. Strategy is how to help your IT partners do that, and we find that if you’ve got cloud-based systems, those systems are more likely to refresh more often than if you have your own homegrown tech stack.
SM. If you’re the CISO at an organization and you want to start to be more proactive on how you address technology refreshes, what advice would you have for putting that into practice?
Patton. There are a number of ways to approach this organizationally, but first: do you have security and tech leadership that are in strategic conversations with the business? Make sure that the people making tech decisions, which are business leaders, understand the technical ramifications of those decisions. There needs to be the right people in the right places as a starting point.
SM. And for the other report findings—how do you recommend CISOs take those findings and adopt them into their organization?
Patton. Read it. And then the benefit is you can take the report to other parts of the organization and ask ‘Do you agree? Is this a problem?’
Then ask: ‘What could we do to strengthen our key activities in our world?’ Most organizations have a security team, but the takeaway is…how do you integrate those things into the strategies you already have?
I think the opportunity is to take this report to your network and ask for ideas, and use that as a basis for a conversation.