Cisco released the results of its 2024 Cybersecurity Readiness Index, which interviewed 8136 business leaders from 30 global markets. The report evaluated 5 aspects to consider the level of preparedness of companies against current cybersecurity threats, which were: Identity Intelligence, Network Resilience, Machine Reliability, Cloud Reinforcement and AI Fortification.
According to Jeetu Patel, executive vice president and general manager for security and collaboration at Cisco, the goal of the Cisco report was to assess the status of these organizations to see how quickly they could return to operations in the event of an attack.
“What we find is that there is a very low level of preparation in organizations. Currently there are many cybersecurity manufacturers that offer between 50 and 100 security solutions on average,” explained Patel. “You would think that this contributes to the well-being of organizations, but the truth is that it has become more complex and has reduced the security efficiency for companies, since it is more difficult to manage these solutions,” he said.
The company reported that 58% of the companies surveyed have 10 or more security solutions in their stack, and that 75% recognize that having multiple services of this type ends up reducing the efficiency of staff to detect, respond and recover from incidents.
For his part, Ghassan Dreibi, Head of Cybersecurity at Cisco, said that the modern world is increasingly interconnected, and an increase in the digitization of companies also implies greater complexity in their operations. Remote work, for example, led to the expansion of the attack surface, as more devices are operating simultaneously and are used from different locations.
“AN AGGRESSIVE IMPROVEMENT IN INVESTMENTS IN TECHNOLOGY AND CYBERSECURITY IS NEEDED, AND CISCO 2024’S CYBERSECURITY INDEX IS AN EXCELLENT STARTING POINT FOR UNDERSTANDING THE REALITY AND MATURITY OF COUNTRIES IN THESE ISSUES”
-GHASSAN DREIBI
“According to the report, 42% of the companies consulted suffered some type of cyber attack in the last 12 months. Another problem is the lack of talent in cybersecurity in many organizations. Cisco’s recommendation is that we need to invest in better solutions to protect more devices,” said Dreibi.
Today, businesses remain the target of a variety of techniques ranging from phishing and ransomware to supply chain and social engineering attacks. Yet 80% of businesses still feel moderately to very confident in their ability to defend themselves against a cyber attack with their current infrastructure. This disparity between confidence and readiness suggests that companies may not be properly assessing the true magnitude of the challenges they face.
‘We cannot underestimate the threat of our own overconfidence. COMPANIES NEED TO PRIORITIZE INVESTMENTS IN INTEGRATED PLATFORMS AND RELY ON AI TO OPERATE AT MACHINE SCALE AND FINALLY TIP THE BALANCE IN FAVOR OF DEFENDERS”
-JEETU PATEL
The Cybersecurity Readiness Index 2024 revealed that only 3% of companies are prepared to deal with current threats, and that two-thirds of organizations are in the initial or formative stages of preparedness.
The main findings of the Cisco report include:
- Forecasting future cyber incidents: 73% of respondents said they expect a cybersecurity incident to disrupt their business in the next 12 to 24 months. The cost of not being prepared can be considerable, as 54% of respondents said they had suffered a cybersecurity incident in the last 12 months, and 52% of those affected said it cost them at least $300,000.
- Ad hoc solutions overload: The traditional approach of adopting multiple ad hoc cybersecurity solutions has not yielded effective results, 80% of respondents admitted that having multiple point solutions slowed down their team’s ability to detect, respond and recover from incidents. This raises significant concerns, as 67 per cent of organizations reported deploying 10 or more spot solutions in their security stacks, while 25 per cent reported having 30 or more.
- Insecure and unmanaged devices add complexity: 85% of companies say their employees access company platforms from unmanaged devices, and 43% of them spend a fifth (20%) of your time connected to enterprise networks from unmanaged devices. In addition, 29% stated that their employees jump between at least six networks over a week.
- The cyber talent gap persists: Progress is being further hampered by shortages of key talent, as 87% of companies highlight it as a problem. In fact, 46% of companies said they had more than 10 positions related to cybersecurity not covered in their organization at the time of the survey.
- Future cyber investments increase: Companies are aware of the challenge and are strengthening their defenses: more than half (52%) plan to significantly upgrade their IT infrastructure in the next 12 to 24 months. This is a significant increase from only one third (33 per cent) that it planned to do last year. Most notably, organizations plan to upgrade existing solutions (66%), implement new solutions (57%) and invest in AI-based technologies (55%). In addition, 97% of companies expect to increase their cybersecurity budget in the next 12 months, and 86% of respondents say their budgets will increase by 10% or more.
Ghassan Dreibi noted that, despite the adverse situation, customers are really trying to improve. Many companies are investing in cybersecurity. They don’t want to wait because they know that threats are becoming more complex. They need tools to protect themselves now.
“Our recommendation from Cisco for companies to be better prepared against current cyberattacks is to boost investments in cybersecurity and adopt a management platform, closing the vulnerability gaps generated by mismanaged devices and insecure WiFi networks, incorporating Artificial Intelligence technology to improve cybersecurity programs and operational resilience, focus on recruiting to close talent gaps, and establish the level of readiness our company has, constantly monitor and act on it,” concluded the Director of Cybersecurity at Cisco.
