Chief Information Security Officers say security is a high priority along with other indicators such as clarification of roles, establishing clear metrics, and cyber risk assessments.
The results are contained in a report from Cisco which has just published the local Australian findings of its sixth annual CISO Benchmark Report. The study is based on a survey of 2,800 security professionals from 13 countries around the globe. It also provides 20 cybersecurity considerations for 2020 – gleaned from data analysis of survey results and a panel of Advisory CISOs.
The results indicated an increased investment in cloud security and automation technologies to combat complexity across the board. In particular, cloud security and automation are used to simplify and speed up response times in security ecosystems; improve visibility into networks; and sustaining collaboration between networking, endpoint and security teams.
According to Steve Moros, Director, Cyber Security, Cisco Australia and New Zealand, “As organisations are faced with accelerating digital transformation due to unprecedented external factors, the need for agile security, simplification and automation is now a necessity.”
“CISOs have been adopting disparate security technologies to reduce exposure against malicious actors and threats which has created substantial complexity and operational challenges in managing their security environment. The question is, have Cyber investments helped organisations decrease the time it takes to detect and remediate?”
Complexity Continues to be Cybersecurity’s Worst Enemy
Digital transformation continues to present itself as an opportunity for IT and security leaders to innovate and gain competitive advantage. But it also carries a tsunami of infrastructure change, which often creates new challenges for security professionals with defeating unknown sophisticated threats looming as a top concern.
The report found that 90 per cent of Australian organisations use between 1 and 20 security vendors, with the other 10 per cent using over 20 vendors.
For 42 per cent of respondents, managing this multi-vendor environment is very challenging.
In addition, Australia is lagging far behind in terms of vulnerabilities patching with 59 per cent of Australian respondents reporting having had an incident caused by an unpatched vulnerability, 13 per cent higher than the global average (46 per cent), and respectively 19 per cent and 23 per cent higher than US and European respondents, respectively.
The local regulatory landscape also means more public scrutiny on data breaches than in any other countries surveyed: post-breach voluntary disclosures are at their highest level since Cisco started its survey five years ago, with 77 per cent of Australian respondents noting that their most recent security breach became known to the public because of voluntary disclosure, above APJC respondents (71 per cent) and the global average (61 per cent).
This complexity is leading Australians to report they feel a lot more cyber fatigue (58 per cent) than other countries and regions such as the US (37 per cent) and EMEAR (38 per cent).
Automation, cloud security and collaboration key
To combat complexity, security professionals are increasing investments in automation to simplify and speed up response times in their security ecosystems; using cloud security to improve visibility into their networks; and sustaining collaboration between networking, endpoint and security teams.
The report found that 74 per cent of Australians plan to increase automation to ramp up their security ecosystems, compared to 82 per cent in APJC, 93 per cent for India and 91 per cent for China.
“Cybersecurity has never been more important than today with remote working, remote education and telehealth becoming our new reality,” Moros said.
“The fact that 91 per cent of Australian executive leadership teams see security as a high priority is great news, but there remain important challenges locally that need to be addressed such as vulnerability patching, mobile devices, and public/private cloud platforms management, multi-vendor environments as well as cyber fatigue.”
Moros said cloud security, automation, vendor consolidation, and collaboration are key to solving the complexity of cybersecurity and mobile workforce protection, and ultimately to securing Australia.
“Today’s IT setups and accelerated digitisation means that companies can no longer get by with siloed security solutions pieced together over time. In the current environment, what organisations need is a simplified and systemic approach to security in which solutions can act as a team, learn, listen, and responds as a coordinated unit,” he said.
“Taking a platform approach, such as Cisco’s SecureX can help simplify an organisation’s approach to Cybersecurity. SecureX delivers unified visibility across users’ entire security infrastructure, including network, endpoints, cloud, and applications, to help accelerate threat response and realise desired outcomes in today’s fast-changing world.”