Cracking the Code in order to Security Resilience: Classes from the most recent Cisco Security Outcomes Report
<h3> <strong> <em> “There’s therefore much left to learn, and I’m on the path to learn.” -Cat Stevens (Yusuf) </em> </strong> </h3>
2 yrs ago, we asked the question: What actually works in cybersecurity?
Not really what everyone’s doing-because there are many cybersecurity reports on the market that answer that question-but which data-backed practices result in the outcomes you want to implement within cybersecurity strategies?
The result was the very first Security Outcomes Report , by which we analyzed 25 cybersecurity practices against 11 desired outcomes. And as a result of a big international respondent group, with the mighty data science powers of the Cyentia Institute together, we got the right data that raised as much questions since it answered. Sure, we found some strong correlations between outcomes and practices, but why did they correlate?
Year last, our second report focused in at the top five most highly correlated practices and tried to reveal greater detail that could give us some help with implementation. We discovered that certain forms of technology infrastructure correlated more with those successful practices, sufficient reason for the outcome we’re seeking therefore. Is architecture destiny with regards to good security outcomes really? It does seem to be the full case, but we’d more research before us to become more confident in a statement that sweeping.
All the while, we’ve been hearing readers considering what they’d prefer to glean out of this extensive research. One big question was, “Just how do these practices are turned by us into management objectives?” Quite simply, given that some data are had by us on practices we have to be implementing, just how do we set measurable goals to take action? I’ve led workshops in the united kingdom and in Colombia to greatly help CISOs set their very own objectives predicated on their risk management priorities, and we’ve worked to recognize longer-term targets that want close alignment with business leaders.
<img class="aligncenter wp-image-422338 size-medium" src="https://infracom.com.sg/wp-content/uploads/2022/12/WendyImage-300x200-1.jpeg" alt width="300" height="200" />
<h2> <span> <strong> Achieving security resilience </strong> </span> </h2>
Another question that took a front-row seat inside our presentations and just wouldn’t leave: the main topics cyber resilience, or security resilience. It’s reached the status of a buzzword in the security industry almost, but you can realize why it’s ubiquitous.
<blockquote>
<h3> “On the list of upheaval of the pandemic, political unrest, economic and climate turbulence, and war, many people are struggling to find a fresh ‘business as usual’ declare that includes having the ability to adapt easier to the shaky ground beneath them.” </h3>
</blockquote>
But precisely what is security resilience , anyway? What does it mean to security practitioners and executives round the global world? And which are the associated cybersecurity outcomes that people can identify and correlate? We realize it doesn’t simply mean preventing bad things from happening; that ship has sailed (and sunk). We also understand that security resilience doesn’t always mean full recovery from a meeting or condition which has knocked you down. Rather, this means continuing to use during a detrimental situation, either at partial or full capacity, and mitigating the consequences on stakeholders. Speaking ideally, security resilience means learning from the knowledge and emerging stronger also.
<h2> <span> <strong> What’s new in Volume 3 </strong> </span> </h2>
Security resilience may be the focus of the 3rd level of our Security Outcomes Report: Achieving Security Resilience . It tells us how 4,700 practitioners across 26 countries are prioritizing security resilience: what this means to them, what they’re doing to attain it successfully, and what they’re fighting. Once again, the info gives us interesting suggestions to ponder.
<strong> A stronger security culture boosts resilience by around 46%. </strong> By “culture,” we don’t mean annual compliance-driven awareness training. Cybersecurity awareness is everything you know; security culture is everything you do. When organizations score better at having the ability to explain just what it really is that they have to do in security and just why, they make smarter decisions consistent with their security values, and leading to raised overall security resilience.
<strong> It doesn’t matter just how many people you have; it matters whether you have some of them obtainable in reserve to react to events. </strong> Organizations with a flexible pool of talent internally (or on standby externally) show from 11% to 15% improvement in resilience. Making sense, as a completely leveraged team will undoubtedly be strained if they need to work even harder to defend myself against an incident.
Because so many organizations all over the world want to the NIST Cybersecurity Framework as a guidepost for cybersecurity practices, we also analyzed which NIST CSF capabilities correlated most strongly with this set of resilience outcomes . For instance, our survey respondents that an excellent job tracking key systems and data are almost 11% more prone to master containing the spread and scope of security incidents. In one angle, this appears like an obvious result, worth mentioning hardly. Alternatively, it’s worth presenting to your management some data that presents that buying asset inventory solutions does indeed have long-range effects on your own capability to stop an intrusion.
<figcaption id="caption-attachment-422340" class="wp-caption-text"> NIST Cybersecurity Framework activities correlated with security resilience outcomes. </figcaption>
</figure>
And much more there’s. The report identifies-and then explores- seven success factors that, if achieved, boost our way of measuring overall security resilience from the bottom 10 th percentile to the top 10 th percentile . Included in these are establishing a security culture and resourcing response teams properly, among others.
I am hoping this introductory blog-the first in a string exploring this latest report-whets your appetite to learn the report itself. And remember, we have been always looking to reveal another undiscovered insight leading to raised security outcomes. Please share your quest and feedback requests around in the comments below, or speak to us at the next security conference .
<strong> For more insights like what you’ve observed in today’s blog have a look at the </strong> <a href="https://www.cisco.com/c/en/us/products/security/security-outcomes-report.html?utm_medium=web-referral&utm_source=blog&utm_campaign=umb-fy23-q2-content-ebook-security-outcomes-report-v3&utm_term=pgm" target="_blank" rel="noopener"> <strong> <em> Security Outcomes Report, Volume 3: Achieving Security Resilience </em> </strong> </a> <strong> . </strong>
Explore more data-backed cybersecurity research along with other blogs on security resilience:
<hr />
<em> We’d want to hear everything you think. Ask a relevant question, Comment Below, and Stay Linked to Cisco Secure on social! </em>
<strong> Cisco Secure Social Channels </strong>
<strong> <a href="https://www.instagram.com/CiscoSecure/" target="_blank" rel="noopener noreferrer"> Instagram </a> </strong> <br /> <strong> <a href="https://www.facebook.com/ciscosecure/" target="_blank" rel="noopener noreferrer"> Facebook </a> </strong> <br /> <strong> <a href="https://twitter.com/CiscoSecure" target="_blank" rel="noopener noreferrer"> Twitter </a> </strong> <br /> <strong> <a href="https://www.linkedin.com/showcase/cisco-secure" target="_blank" rel="noopener noreferrer"> LinkedIn </a> </strong>
<pre> <code> <br>
<br>
You must be logged in to post a comment.