Mind the gap
The publication of the Cisco Cybersecurity Readiness Index gives us the perfect opportunity to reflect on the contradictions within cybersecurity provision. We know the danger posed by cybersecurity threats, and we know what is necessary to protect against these threats. Yet, while 82% of security leaders recognise that a cybersecurity incident is likely to disrupt their business within the next 24 months, only 15% of companies have the cybersecurity maturity to fully face these threats.
This readiness gap is a source of alarm. Clearly, there are organisations aware of the danger, yet without the defences to protect themselves. However, the gap will include a spectrum of situations. At one end will be organisations who are nearing maturity and who have the programmes in place to implement an effective security posture. At the other end will be the ‘rabbits in the headlights’, organisations who perceive the danger but who are ill-prepared to react before it’s too late.
The Cybersecurity Readiness Index provides a framework for cybersecurity professionals to score themselves against best practices within five pillars of cybersecurity: ‘identity’, ‘devices’, ‘network’, ‘application workloads’, and ‘data’. Although the recent report is not designed to identify the reasons for the gap between awareness and readiness, there are some hints within the data.
The index suggests that medium-sized organisations, and organisations within developing markets, tend to have a more mature security posture than larger organisations and those located in larger, more developed economies. A tempting inference is that larger organisations, and those in developed economies, are faced with a technical debt of legacy decisions and systems. This technical debt represents systems that were sufficient to meet the needs of the threat landscape in the past, but which no longer represent best practices. Agile, medium-sized businesses have side-stepped this technical debt and have been able to deploy the systems necessary to face the demands of today’s threat landscape.
Over time we can hope to see the percentage of organisations with mature cybersecurity postures increase and the readiness gap decrease. In any case, we need to avoid the scenario of increased use and deployment of technology providing more opportunities for threat actors, without a concurrent improvement in the maturity of cybersecurity protection.
Do you share my opinion? Would love to hear your thoughts. Drop your comments below.