February 24, 2020

Nearly Half of CISOs Have “Given Up” on Proactive Approach to Security

Only 27 percent are using multi-factor authentication...

By CBR Staff Writer

It’s not easy being a CISO (Chief Information Security Officer).

But even those sympathetic to the gruelling job of keeping an organisation and its assets safe in a world of endless attacks might raise their eyebrows at the latest survey from Cisco, which found that 42 percent of CISOs are suffering from cybersecurity fatigue: defined as “virtually giving up” on proactively defending against malicious actors.

Wait, What?

In its sixth annual CISO Benchmark Report, Cisco surveyed 2,800 respondents from 13 countries to capture data on vendor use, mobile and data centre security, and more.

The report emphasises the pressure CISOs are under in an increasingly complex environment, and the sheer volume of alerts they get of threats to infrastructure. (The “virtually giving up” figure doesn’t represent outright despair at security in general. Rather, it captures the challenge of proactively investigating security alerts.)

Why? The proportion of organisations that receive 100,000 or more daily security alerts has grown from 11 percent in 2017 to 17 percent in 2020. Only 36 percent get fewer than 5,000 alerts daily. (The rate of legitimate incidents at 26 percent is consistent: while vendor products may be improving, the number of false positives is still stupendous.)

The survey is likely to raise eyebrows about how much work there remains to do on the basics of robust security across the enterprise: only 27 percent of organisations are currently using multi-factor authentication (MFA), Cisco’s survey found. (MFA is widely regarded as one of the fundamental steps toward better security.)

Another key concern for 2020, the report notes, is that 46 percent of organisations (up from 30 percent in last year’s report) had an incident caused by an unpatched vulnerability. The consequences of this are worsening: 68 percent of those breached via an unpatched vulnerability suffered losses of 10,000+ data records.

Amid the barrage of statistics, the report makes some sensible suggestions for those CISOs not currently employing such approaches, starting with employing a layered defense, “which should include MFA, network segmentation, and endpoint protection.”

CISO Survey: Get the Basics Right, Please

It also urges companies to “focus on cyber hygiene: shore up defenses, update and patch devices, and conduct drills and training”, as well as adopt an “integrated platform approach when managing multiple security solutions.”

The survey is not the first to note that life as a CISO is increasingly stressful: a 2019 report by security vendor Nominet found that a quarter of CISOs worldwide suffer from physical or mental health issues due to stress, with just under one-in-five turning to alcohol or medication, and more than half failing to switch off from their work.

Earlier this month, meanwhile, Cisco itself patched five serious security flaws in various implementations of its Cisco Discovery Protocol (CDP) – including a bug that would allow an unauthenticated attacker to remotely execute code with root privileges.

CDP is a network protocol that is used to map the presence of other Cisco products in the network. It is implemented in most Cisco products including switches, routers, IP phones and IP cameras, security firm Armis said. Many of these devices “can not work properly without CDP”, and, Armis adds, “do not offer the ability to turn it off.”
