Following research conducted on 8,000 safety managers from 30 countries, including Europe, it emerges that only 1% of Europen companies have a “mature” level of preparation, i.e. adequate to face the growing cyber threats. The investigation Cisco Cybersecurity Readiness Index 2024 highlights, first of all, that companies continue to be targeted with a variety of increasingly effective techniques: phishing, ransomware, malware e social engineering.
At the same time, there is a significant problem: the companies themselves encounter constant difficulty in… defend yourself adequatelyand this is mainly due to cybersecurity solutions that are too complex to manage.
Furthermore, in most cases, employees and collaborators find themselves cooperating from different places: this is the concept of hybrid work which increasingly sees the use of other people’s networks to connect with company resources. Cisco notes that 22% of companies surveyed said their employees have been online for at least six different networks in the space of just one week.
Cisco Cybersecurity Readiness Index 2024: what are the pillars that constitute every company’s line of defense
To create the Cisco Cybersecurity Readiness Index 2024 report, they were taken as measurement criteria 5 pillarswhich constitute a company’s main line of defense: Identity Intelligence, Network Resilience, Machine Trustworthiness, Cloud Reinforcement e AI Fortification. Each of them, Cisco highlights, in turn includes 31 different solutions and capabilities.
When evaluating the preparation of each company with respect to modern cyber attacks, Cisco has framed each reality using a different judgment: Beginner, Training, Progressive e Mature.
We said that in Europe only 1% of companies are at the most advanced level Mature. And although the trend is growing, the percentage is similar at a global level, equal to 3%.
Conversely, 78% of those interviewed declared that they were at the lower “steps”, i.e Beginner o Training.
The pillars for protecting the company and its data from cyber attacks
The “pillars” described by Cisco represent the key areas that organizations must focus on to ensure one cybersecurity effective and resilient. We mentioned them briefly above, and here they are explained in a little more detail.
Identity Intelligence
It refers to an organization’s ability to intelligently manage digital identities within its ecosystem. Includes the identity monitoring in different situations and contexts, the analysis of identity behavior to identify any anomalies, the continuous assessment of risks associated with the identity and the detection of passwordless authentication mechanisms. The goal is to ensure that only authorized individuals can access resources, while providing a seamless user experience.
Network Resilience
This pillar focuses on an enterprise network’s ability to resist cyber attacks and to recover quickly in the event of a breach or disruption. It includes strategies such as network segmentation, micro-segmentation, the use of firewalls, the detection of anomalies in network behavior and tools to analyze encrypted traffic without deciphering it. The goal is to ensure that the net stay operational and protected even in emergency situations.
Machine Trustworthiness
In this case we are talking about the intrinsic security of machines within an organization, including IoT devices and operating systems. This area includes topics such as machine authentication, machine management, detection of anomalies in the behavior of endpoints and integrated protection tools such as firewalls and threat detection systems.
Cloud Reinforcement
Here we focus on security of cloud services used by the company. With respect to this pillar, it is necessary to focus on “ad hoc” solutions such as firewalls for resources hosted in the cloud, on dynamic protection from vulnerabilities, on tools to protect applications and analyze network traffic, on the implementation of consistent security policies across multiple cloud environments. The goal is to ensure that data and resources hosted in the cloud are protected from cyber threats.
AI Fortification
This last pillar refers to the use ofartificial intelligence (AI) to improve the organization’s cyber defenses. It has to do with understanding the threats posed by AI itself and malicious actors using it, integrating AI into machine identity and security solutions, as well as using AI to improve resilience network and strengthen cloud security.
Many solutions for security management, poor results
The traditional approach based on adopting more cybersecurity solutions did not produce effective results. 75% of respondents admitted that having multiple solutions slows detection, response and recovery times from a IT accident. 63% said they had implemented ten or more cybersecurity solutions, while 22% said they used 30 or more.
Numbers that appear truly impressive in a negative sense. Jeetu Patel, Executive Vice President and General Manager of Security and Collaboration of Cisco, wanted to underline how today’s companies must prioritize investments in integrated platforms and rely on artificial intelligence to enable effective defense, at the level of each individual endpoint.
The atavistic problem of insecure and unmanaged devices
The data shared by Cisco in its updated report also highlights a complex situation that has to do with the use of unsafe devices within the company network, locally or remotely.
85% of companies said their employees access company platforms through unmanaged devices: this means that those who use these tools are perfectly capable of establishing a connection with the company infrastructure from a terminal which, potentially, may not comply with the policy company security.
A problem further exacerbated by the fact that users use multiple third-party networks to connect with corporate systems. This is an aspect that cannot and should not be underestimated: connecting from someone else’s network can mean exposing company resources to further risks.
Cyber incidents: they remain a problem in the present and in the future
Browsing the conclusions that the Cisco Cybersecurity Readiness Index 2024 brings out, we learn that according to 63% of those interviewed, a cybersecurity incident would be able to disrupt their business in the next 12 to 24 months.
An unpreparedness that can cost dearly: 33% of those interviewed declared that they had suffered an accident related to safety…