See No Evil, Block No Evil
And then imagine processing power strong enough to make sense of all this data in every language and in every dimension. Unless you’ve achieved that digital data nirvana (and you haven’t told the rest of us), you’re going to have some unknowns in your world.
In the world of security, unknown threats exist outside the enterprise in the form of malicious actors, state-sponsored attacks and malware that moves fast and destroys everything it touches. The unknown exists inside the enterprise in the form of insider threat from rogue employees or careless contractors – which was deemed by 24% of our survey respondents to pose the most serious risk to their organizations. The unknown exists in the form of new devices, new cloud applications, and new data. The unknown is what keeps CISOs, what keeps you, up at night – and we know because we asked you.
This is the 12th consecutive year we’re publishing our findings around the cybersecurity landscape, and the fifth year we’ve conducted a benchmark study of thousands of security leaders. And this report is only the tip of the iceberg of data the survey generated. Over the coming year, we will publish more benchmark data by industry, geography, company size and job function, among other filters. To inform this report, we’ve surveyed more than 3,200 security leaders across 18 countries, asking questions in three categories:
We then compared performance across these areas to see whether, since we started tracking, you’ve made strides in building defenses, detecting cyber threats, and containing data breaches. This report sheds light on what actions are reaping results in strengthening organizational cyber health – so you can learn from your peers.
For example, when we asked, only 35% of you were able to confirm that, “It is easy to determine the scope of a compromise, contain it and remediate from exploits,” suggesting that visibility into the unknown clearly is a key challenge. Maybe it was the “easy” part that threw you, as incidents are often not what they seem. Still, it means 65% of CISOs in the survey have room to improve. And yet we should take comfort from the 46% who said that they “have tools in place that enable us to review and provide feedback regarding the capabilities of our security practice”. If you acknowledge when you can’t see everything, at least you can measure and manage your ability to get better and see more.
While the good fight is far from over, it’s also far from being all bad news. At least some respondents in our survey seem to be feeling good about their jobs. We asked whether you were experiencing cyber fatigue. We qualified this as having virtually given up trying to stay ahead of malicious threats and bad actors. Only 30% of respondents claimed to suffer from cyber fatigue this year. And while almost a third seems like a high number to be tapping the mat and raising the white flag, the drop from last year’s figure of 46% is a move in the right direction, and this is worth the fight.
If the ability to see into both the future and the past at once seems like a tall order, let’s improve what we can see of the present moment, and look at some of the ways in which we measure up well, and not so well, today against previously reported data.
Interview with Marisa Chancellor, Senior Director, Security & Trust Organization, Cisco
You’re defending 70,000 Cisco employees in 400 offices with hundreds of thousands of endpoints.
That’s what I call my attack surface, and so as you can tell, there’s a lot of stuff that people can try to get at. Yes – there are employees and data centers, but we also consume 600 clouds and so we have a true multi-cloud and hybrid cloud scenario to defend.
Tell us about your team’s charter.
We are chartered to defend Cisco and we’re focused on balancing the risk of Cisco as a business doing what it needs to get done, versus the risk of insider and outsider threats. And we focus on driving the right security architecture into our IT organization by looking at the incidents that come in that define the stability of our security posture.
What keeps you up at night?
Well, I think for most people who are in security, what keeps us up at night is the unknown. When I think about what I must protect on a daily basis, we have a fantastic team and very capable technology, but we are focusing on the knowns, and the real threat is the unknowns.
We heard from CISOs about the number of alerts they have; do you think there are too many to manage?
That’s true across the industry, but at Cisco on a daily basis, we look at 47 TB of network events on a daily basis and that all translates into about 22 incidents per day, which is impossible for a human to understand. It’s coming at us from all over the spectrum, so we’re having to figure out how to parse through all that information and how to get the technology to work for us. Being able to use machine learning and artificial intelligence to cull through a lot of those alerts allows us to hone in on the riskiest areas on which to focus. We don’t have unlimited budget; therefore, how do we move at machine speed rather than human speed?
See more interview excerpts from Marisa Chancellor throughout this report.
"Our Security & Trust Organization is responsible for protecting Cisco; it’s as simple as that. But the flip side of that is - how do we make sure that we can accelerate the business? It doesn’t do us any good to lock down our entire environment where nothing is moving forward"
Marisa Chancellor, Senior Director, Security & Trust Organization, Cisco