Most companies are deluded about their security says Cisco
The UK is behind many other countries when it comes to security but most companies globally underestimate the threats says a Cisco report
Cisco’s Annual Security Report has revealed that only 41 percent of companies in the UK have “highly sophisticated security processes” in place.
This figure of readiness places the UK below India (54 percent), the US (44 percent) and Germany (43 percent), but above nations like China (36 percent) and Japan (24 percent).
Broken down by sector the capabilities benchmark study in the report reveals that globally government agencies (43 percent) are better placed to handle malicious attacks than financial services organisations (39 percent) and transport companies (35 percent). However, it is utility companies and telecoms companies that have the most sophisticated security processes in place, with 47 percent being “highly sophisticated” according to the study.
The Cisco report also says attackers have shifted their focus from looking to compromise servers and operating systems to seeking to exploit users at the browser and email level.
It also reports a widening gulf between perception and reality of cybersecurity readiness, going by a study of chief information security officers (CISOs) and security operations executives at 1,700 companies across nine countries.
Specifically, the study indicates that 75 percent of CISOs see their security tools as “very or extremely effective”. However, less than 50 percent of respondents use standard tools such as patching and configuration to help prevent security breaches and ensure they are running the latest versions of security software.
“While many defenders believe their security processes are optimised – and their security tools are effective – in truth, their security readiness likely needs improvement,” said Cisco. Cisco adds “it’s time for corporate boards to take a role in setting security priorities and expectations”.
John N Stewart, senior vice president and chief security and trust officer at Cisco, said: “Security needs an ‘all hands on deck’ approach, where everybody contributes, from the board room to individual users.”