At a time when CISOs are struggling to defend their organizations against the evolving threat landscape, a new study by Cisco brings some shocking revelations by highlighting that more than one-third (37%) of cyber security technologies used by companies in India are considered outdated by security and privacy professionals working at these organizations.
The study titled: “Security Outcomes Study Volume 2″, reasons that it is more critical than ever for companies in India to refresh the technologies and solutions in their cyber security infrastructure in order to survive and stay afloat.
The study is based on a global survey of more than 5,100 security and privacy professionals across 27 markets. This includes more than 2,000 professionals from 13 markets in Asia-Pacific and aims to determine the most impactful measures teams can take to defend their organizations against the evolving threat landscape. Respondents, including professionals from companies in India, shared their approaches to updating and integrating their security architecture, detecting and responding to threats, and staying resilient when disaster strikes.
Respondents from India also consider their cyber security infrastructure unreliable and complex, with 33% and 40% respectively highlighting this in the survey.
The good news is that companies in India are addressing this by investing in modern cyber security technologies to improve their security posture. Nearly nine in 10 (89 %) respondents in India said their company is investing in a ‘Zero Trust’ strategy, with 44% saying their organization is making steady progress with adopting it and 45% saying they are at a mature state of implementing it.
In addition, 88% of respondents said their company is investing in Secure Access Service Edge (SASE) architecture, with 44% making good progress with adoption and a similar number saying their implementation is at mature levels.
These two approaches are crucial to building a strong security posture for companies in the modern cloud-first and application-centric world. Organizations are facing multiple challenges while operating in this environment, including complexity in connecting users to applications and data across various cloud platforms, inconsistent security policies across disparate locations and networks, difficulty in verifying the identity of users and devices, lack of end-to-end visibility of their security infrastructure, etc.
The SASE architecture is widely seen as an effective way to address these challenges. Simply put, SASE combines networking and security functions in the cloud to deliver secure access to applications anywhere users work. Zero Trust, meanwhile, is a simple concept that involves verifying the identity of each user and device every time they access an organization’s network to reduce security risks.
The value of cloud-based security architectures cannot be overstated. According to the study, organizations with mature implementations of Zero Trust or SASE architectures are 35 % more likely to report strong security operations than those with nascent implementations.
Vishak Raman, Director, Security Business, Cisco India and SAARC, added, “Cisco’s Security Outcomes Study indicates where the biggest gaps lie in India Inc.’s cyber security posture. In response, nearly 60 % of companies are expanding their investments in cloud-based security technology plans. As they ramp up these efforts, they must focus on building a robust cloud-based, integrated, and highly automated architecture to ensure agility and intelligence in threat remediation and enable visibility and management of newly distributed users and applications.”
The global findings are more or less in sync with the India findings as it is see that organizations that leverage threat intelligence achieve faster mean time to repair (MTTR), with rates 50% lower than non-intel users. At the same time, companies with integrated technologies are seven times more likely to achieve high levels of process automation. Additionally, these organizations boast over 40% stronger threat detection capabilities.
The study also finds that the threat landscape continues to evolve, testing business continuity and disaster recovery capabilities regularly and in multiple ways is more critical than ever, with proactive organizations 2.5 times more likely to maintain business resiliency. One key observation is that organizations with board-level oversight of business continuity and disaster recovery operations within cybersecurity teams perform best.