Securing the future: Cyber security readiness report
Chapter 4: Cyber security preparedness
The cyber security landscape has shifted. Enterprise adoption of new technologies, such as generative AI, and the increasing use of cloud-based resources expose vulnerabilities in security architecture. Industry analysts Forrester and Gartner agree that trends in technology usage, along with other factors, could require many organizations to implement more modern strategies and tools to maintain cyber security preparedness.
Security leaders recognize the need for change and are determined to implement new capabilities for improving their preparedness. That’s good news, because according to research, many have critical security gaps to fill. For example, approximately 20% of organizations do not have multi-factor authentication (MFA) capabilities in place. Yet MFA is essential for securely supporting anywhere access to cloud-based resources.
Fortunately, 80% of security leaders have initiated a deployment of Secure Access Service Edge (SASE) solutions; with only 4% of respondents at an early stage or having not yet begun.
Clearly, security leaders have made SASE technologies a high priority. In fact, according to the survey, 25% say that moving toward a SASE architecture is among their top three priorities.
Why is SASE so important for cyber security preparedness? Security leaders recognize that managing their network perimeter has become increasingly complicated as they migrate more apps and data to the cloud. SASE solutions can help reduce complexity by integrating networking and security services, providing a unified architecture that is delivered at the edge.
Implementing a Zero Trust model has been another high priority for bolstering preparedness. Zero Trust requires strict identity verification for every person and device trying to access resources on a private network — whether or not those people and devices are within the network perimeter. A Zero Trust approach is critical for protecting apps and data as more organizations support hybrid work.
The Zero Trust model and Zero Trust Network Access tools have gained significant traction among security teams. In our survey, Zero Trust Network Access capabilities had the highest rate of partial adoption among all solutions. Though only 40% of respondents have mature Zero Trust models in place, eventually these capabilities will have high levels of implementation.
Organizations have about the same level of mature implementations of other types of tools, including endpoint protection platforms (EPP) and data encryption solutions. Among survey respondents, about 40% had mature deployments in place.
Implementations of extended detection and response (XDR) capabilities are lagging. XDR capabilities are meant to enhance more traditional solutions by providing more holistic protection with detection and response capabilities across multiple data sources. Tools that promise to unify or simplify security can offer key benefits to businesses. But in our survey, only 29% of respondents have mature XDR implementations in place. Nevertheless, 49% are at least part of the way through their rollouts.
Security leaders, then, understand that they have critical security gaps, and they’re working to close them. As they continue to improve security preparedness, focusing on SASE and Zero Trust solutions should go a long way to address evolving network architectures and a shifting threat landscape. At the same time, however, organizations will have to overcome additional hurdles — including management complexity, a labor shortage, insufficient funding, competing priorities, and a need to strengthen security culture across the workforce.
Continue to Chapter 5: The ineffectiveness of point solutionsThis article is part of a series on the latest trends and topics impacting today’s technology decision-makers.
Key takeaways
After reading this article you will be able to understand:
Survey results from over 4,000 cyber security professionals
New findings on security incidents, preparedness, and outcomes
Considerations for CISOs to secure the future and achieve better outcomes for their organization