2nd Edition

Tracking the trends and news for IT and IT Security

Paul

Security study finds a few best practices can have a big impact on threat protection

fly-d-63Sg6s3EocE-unsplash-FLY-D-Unsplash.jpegSecurity study finds a few best practices can have a big impact on threat protection>
Silicon Angle – Zk Research
Cisco Systems Inc. just released one of its largest-ever cybersecurity studies, providing a detailed view into the top five security practices proven to be most effective for organizations. Cisco claims that those adopting the top practices can propel their security programs ahead of 79% of other organizations.

Cisco uncovered that across the 25 security practices it analyzed, five stood out from the rest: technology refresh, threat detection, disaster recovery, incident response and security product integration.

Considering 39% of security technologies used by organizations are antiquated, proactively refreshing outdated technologyâ¯is at the top of the list of key security practices. Ciscoâs new study found organizations with modern, consolidated, cloud-based architectures are more than twice as likely to have strong tech refresh capabilities than those using outdated, distributed, on-premises systems. This is a problem I see accelerating over the next few years. The belief that frequent upgrades help security is proven out in the survey data. Organizations that upgrade IT and security technologies quarterly are 30% better at keeping up with their business than organizations upgrading every few years. The main drivers for refreshing security technologies are vendor-led (determined by providers), proactive (based on a predetermined schedule) or reactive (in response to an incident). Nearly 66% of organizations that sync with vendor refresh cycles report strong capabilities.

The reactive approach to upgrades does put businesses at risk because it is often akin to closing the barn door after the horses have escaped. A good example of this is zero trust. In this recent SiliconANGLE post, I discussed how that technology could have minimized the damage from Log4j. Zero trust has been available for a while and companies that were proactive are likely in a better place than ones that were not.

More than three-quarters of professionals surveyed in the study would rather buy integrated solutions than build them. Sticking with a preferred vendor is about twice as likely to achieve well-integrated security technologies as a hands-off approach. Furthermore, organizations with highly integrated systems for identifying critical assets and risks are more than 41% better at threat detection and response.

Developing threat detection and incident response capabilities are third and fourth on the top five list of key practices. According to the studyâs findings, most (92%) organizations with strong people, process and technology â the âp-p-tâ pinnacle â achieve advanced threat detection and response capabilities. This translates into 3.5 times greater performance for threat detection and response over organizations that lack p-p-t.

Organizations that conduct threat detection/response activities such as testing and updating, as well as proactively hunting and engaging in team exercises at least on a weekly basis, experience 30% greater performance compared with those that do them annually or less. Additionally, organizations that make extensive use of threat intelligence are nearly twice as likely to report strong detection and response capabilities compared to those with lower usage.
Link: https://siliconangle.com/2021/12/19/security-study-finds-best-practices-can-big-impact-threat-protection/

Categories:

Tags: