Cisco has just released its 2017 Annual Cybersecurity Report. The report is a comprehensive and detailed snapshot of the state of cybersecurity today. Luckily, our very own Technical Director, David King, has the ability and expertise to decipher and summarise the findings in easy-to-read segments.
Here, then, is the first of a three-part series on Cisco’s findings.
Security professionals are reasonably confident in the tools they have invested in but are less sure that they are using them effectively or to their fullest extent. They’re also unsure whether these tools actually eliminate or “reduce the operational space” that the bad guys attack.
This is just one of the many findings in the Cisco 2017 Annual Cybersecurity Report, a survey that was conducted across 13 countries and had close to 3000 responses.
The report continues by highlighting the range of different tools and technologies in use by these companies, with more than 65% of them using 6 or more products. At the same time, many of these products will be from different vendors, and less than 45% of organisations use fewer than 5 unique vendors. It’s also highly likely that this percentage comes largely from those organisations that use fewer products.
Further worrying statistics from the report show that of the 93% of respondents that experienced a security alert, 44% were not investigated. This could be anything from a mistyped password to an infection, ransomware event or breach going unscrutinised. Of those events that are investigated, less than half are remediated, meaning that there are a lot of legitimate alerts out there that are investigated but then have nothing done about them. Why?
There are many reasons why genuine alerts don’t get remediated. Time, resources, knowledge and acceptance are some of the more obvious ones. What about the impact of the events that aren’t even investigated? The report suggests that these events can have an impact on productivity, customer satisfaction, trust and confidence. An unexpected outage, for instance, might not be seen as a security event, yet it will have an impact and should be thoroughly investigated. 35% of downtime due to a breach lasts more than 8 hours. How would that affect your business?
The Holy Grail for many organisations is having that single pane of glass that shows them their security stance. Something like a drill-down traffic-light system would be ideal. Using so many tools from so many suppliers means this is still some way off. So what can be done?
Firstly, make sure you are getting your products from a reliable source that has the skills to install, configure and support that product. Next, have them managed by a third party so that your resources can be focussed elsewhere and better utilised. If you’re not doing that, then have a regular health-check to ensure you are getting the best out of your investment. People obviously want to get the biggest BANG for their BUCK (as the expression goes). We noticed recently, with Petya and WannaCry, that some of our existing clients hadn’t activated paid-for features or had “installed and forgotten”. Finally, consider investing in a Managed Detection and Response service, such as that offered by Secon Cyber Security, where the feeds from various products can be managed and optimised on your behalf to identify events and threats.
For more information, read David’s Managed Detection and Response post on LinkedIn.