Lothar Renner

This blog, by Lothar Renner, Managing Director, Cybersecurity, Cisco EMEAR, was originally posted on the Cisco UK & Ireland Security blog. It is reproduced, with thanks, as part of a series of posts celebrating European Cybersecurity Awareness Month 2019. For a variety of views related to cybersecurity, and to learn more about Cisco’s security offerings, visit our European Cybersecurity Awareness Month 2019 page.


In this year’s worldwide Cisco CISO Benchmark Study, we were pleased to see that organisations in Europe are feeling more positive and optimistic about their cybersecurity approach, if their answers to our ‘cybersecurity fatigue’ question are anything to go by.

We asked whether their organisation was suffering from cybersecurity fatigue, defined as having virtually given up on staying ahead of malicious actors and threats. 21% of European respondents said that they were, which is well below the global average (30%).

So, what’s the secret? Why are European organisations suffering less from burnout than their global counterparts?

Let’s take a look at what is different in the European approach that may explain why they are feeling more empowered:

Improvements made after a severe breach

We asked organisations to select three things they did after a severe data breach. Here are the top five responses in Europe, compared with the worldwide figures:

Improvement                                                                              Europe   Global
Hired or created CISO position                                                           36%      34%
Increased investment in security defence technologies/solutions                          43%      44%
Increased focus on risk analysis and risk mitigation                                     37%      39%
Increased focus on preventing security breaches caused by employee-owned mobile devices  36%      36%
Increased enforcement of data protection laws and regulations                            35%      37%

Organisations in Europe were slightly more likely to hire or create a CISO position after a severe breach (36% against 34% globally), which means more strategic thinking and more time in the boardroom for security. A CISO and strong security leadership could well have contributed to the lower cybersecurity fatigue levels.

Investment levels in tools and technology are very similar, so we must look elsewhere for an answer on confidence levels.

Automation

Europe is very reliant on automation technology to prevent and contain cyber attacks, with 96% of organisations reliant on it in some way, and 30% completely reliant on it.

Automation tools that provide network context can also give security analysts insight into potential leak paths, that is, routes by which traffic can cross a boundary it should not. In addition, a well-defined segmentation policy gives security teams a baseline: any communication between networks or devices that the policy does not allow is unexpected by definition, so it can be picked out and investigated quickly to determine whether it is malicious.

Such technologies are powerful tools for visibility, automation and insight, yet the advice is for organisations not to overlook traditional techniques, or the importance of people.

Self-propagating, network-based attacks like WannaCry and Nyetya could have been prevented, or at least had their impact minimised, if more organisations had applied fundamental security practices: patching, defining appropriate incident response processes and policies, and segmenting their networks.
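The segmentation point in the two paragraphs above can be made concrete. The following is an added example, not code from the original post or a Cisco product: it encodes a segmentation policy as an allow-list of segment-to-segment flows and checks a handful of constructed flow records against it, so that anything outside the policy (such as workstation-to-workstation SMB, the path WannaCry used to spread) surfaces as a violation to investigate. The segment names, CIDRs, ports and the flow-log format are all hypothetical.

```python
"""Segmentation-policy audit over constructed flow records (added example)."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Hypothetical network segments; names and CIDRs are constructed for this example.
SEGMENTS = {
    "user-workstations": ipaddress.ip_network("10.10.0.0/16"),
    "servers": ipaddress.ip_network("10.20.0.0/16"),
    "ot-plant": ipaddress.ip_network("10.30.0.0/16"),
    "internet": ipaddress.ip_network("0.0.0.0/0"),  # catch-all, matched last
}

# The segmentation policy as an allow-list of (source segment, destination segment,
# destination TCP port). Anything not listed, including traffic between two hosts in
# the same segment, is a policy violation and worth investigating.
ALLOWED_FLOWS = {
    ("user-workstations", "servers", 443),
    ("user-workstations", "servers", 445),  # file shares live on servers only
    ("user-workstations", "internet", 443),
    ("servers", "internet", 443),
}

# Constructed flow log, one record per line: "<timestamp> <src ip> <dst ip> <proto> <dst port>".
SAMPLE_FLOW_LOG = """\
2019-10-01T08:00:01Z 10.10.4.21 10.20.1.5 tcp 443
2019-10-01T08:00:02Z 10.10.4.21 10.10.7.9 tcp 445
2019-10-01T08:00:03Z 10.10.4.21 10.30.2.2 tcp 502
2019-10-01T08:00:04Z 10.20.1.5 203.0.113.8 tcp 443
2019-10-01T08:00:05Z 10.20.1.5 10.10.4.21 tcp 3389
"""


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    proto: str
    dport: int


def segment_of(ip: str) -> str:
    """Map an address to its segment, most specific prefix first."""
    addr = ipaddress.ip_address(ip)
    for name, net in sorted(SEGMENTS.items(), key=lambda kv: kv[1].prefixlen, reverse=True):
        if addr in net:
            return name
    return "unknown"


def parse_flow(line: str) -> Flow:
    ts, src, dst, proto, dport = line.split()
    return Flow(ts, src, dst, proto, int(dport))


def evaluate(flow: Flow) -> tuple[bool, str]:
    """Return (allowed, reason) for one flow under the segmentation policy."""
    src_seg, dst_seg = segment_of(flow.src), segment_of(flow.dst)
    if (src_seg, dst_seg, flow.dport) in ALLOWED_FLOWS:
        return True, f"{src_seg} -> {dst_seg}:{flow.dport} allowed by policy"
    return False, f"{src_seg} -> {dst_seg}:{flow.dport} not in allow-list"


def audit(flow_log: str) -> list[dict]:
    """Return every flow that the segmentation policy does not allow."""
    violations = []
    for line in flow_log.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        allowed, reason = evaluate(flow)
        if not allowed:
            violations.append({"ts": flow.ts, "src": flow.src, "dst": flow.dst,
                               "dport": flow.dport, "reason": reason})
    return violations


if __name__ == "__main__":
    for v in audit(SAMPLE_FLOW_LOG):
        print(f"{v['ts']} {v['src']} -> {v['dst']}:{v['dport']}  {v['reason']}")
```

Run against the constructed log, three of the five flows are flagged: workstation-to-workstation SMB (445), a workstation talking Modbus (502) into the OT segment, and a server opening RDP (3389) back to a workstation. The point is the default: the allow-list says what is expected, so the analyst only has to reason about what is left over.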

Machine learning

European organisations use machine learning to a lesser extent than automation, but it is still used by 91% of them, and 20% are completely reliant on it.

Machine learning is useful for automatically detecting “known-known” threats—the types of infections that have been seen before. But its real value, especially in monitoring encrypted web traffic, stems from its ability to detect “known-unknown” threats (previously unseen variations of known threats, malware subfamilies, or related new threats) and “unknown-unknown” (net-new malware) threats.

The technology can learn to identify unusual patterns in large volumes of encrypted web traffic and automatically alert security teams to the need for further investigation.

Automatic alerting is especially important given that a lack of trained personnel is an obstacle to enhancing security defences in many organisations.

Overall though, the Europe and worldwide figures for the use of automation and machine learning technologies are very similar.

So we haven’t yet found the real reason behind the lower cybersecurity fatigue levels in Europe. Let’s look at some other factors.

Managing multiple vendors

No. of vendors   Europe   Global
1-5              42%      36%
6-10             26%      27%
11-20            21%      22%
21-50             9%      11%
More than 50      2%       3%

Organisations in Europe are managing fewer security vendors than the global average: 68% manage 10 or fewer vendors (compared with 63% globally).

We also asked how challenging it was to manage a multi-vendor environment. 73% of organisations told us it was challenging, 16% said it was “very challenging”.

This may have been the catalyst for the consolidation and integration we have seen over the past year, and a smaller, better-integrated set of vendors would certainly have contributed to lower overall cybersecurity fatigue levels.

Your security vendors need to be people who aren’t thinking about selling their products, but about protecting your business.

The best way to do that is for security to work as a team. Teams communicate in real time, teams learn from each other, and teams respond as a coordinated unit. Your endpoint security has to work with your network security and with cloud security, and you have to have MFA that speaks to identity and access. And you can only get to securing your business with a platform approach.

When that happens, security becomes easier and more effective. The finding from our 2019 CISO Benchmark Study that organisations are consolidating and integrating their security environments tells us that efforts towards a “security as a team” approach are paying off.

What’s next? How to keep things simple

Now that some great work has been done to reduce cybersecurity fatigue levels, have more strategy/C-level roles in the boardroom, and integrate environments, what’s next? What can organisations do now to keep on top of the bad guys?

It’s not about adding a load of tools to your environment. Rather, as we’ve seen above, it’s about making life simpler for you and your security teams. To achieve this, it is worth considering a Zero Trust approach.

This approach looks to simplify security by looking at three key areas:

  • Workforce (protect your users and their devices against stolen credentials, phishing and other identity-based attacks)
  • Workload (manage multi-cloud environments and contain lateral movement across the network)
  • Workplace (gain insight into users and devices, identify threats and maintain control over every connection in your network).

Zero trust starts with establishing trust in the identity of the user, and in the device they are using, before they are allowed to access anything in the organisation’s environment. Having checked the device and authenticated the user, the next fundamental element is controlling which application “doors” they may enter and which are considered out of bounds.

The Zero Trust approach is about restricting a user so that they can only enter areas that are approved and relevant to their duties. This all needs to be done with minimal impact on the end user: introducing friction into any security control just breeds avoidance. What is appealing about this agile and flexible approach is its ability to bring new applications on board wherever they are found, whether running in the cloud, in a local data centre or as a third-party application. No matter where the doors are, they can be opened or shut from a central point based on policy.
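The access decision described in the two paragraphs above (authenticate the user, check the device, then open or shut each application door from a central policy) can be sketched in code. The following is an added example written for this post, not Cisco’s or any product’s implementation. The application names, group names, device attributes and thresholds are hypothetical; the design point it shows is that every door is shut by default and that the device requirements scale with the sensitivity of the application, so a low-risk app stays reachable from a personal phone while an HR or production-admin door does not.

```python
"""Zero-trust access decision against a central per-application policy (added example)."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset[str]
    mfa_verified: bool  # strong second factor completed for this session


@dataclass(frozen=True)
class Device:
    managed: bool           # enrolled in the organisation's device management
    disk_encrypted: bool
    os_patch_age_days: int  # days since the last OS patch was applied


@dataclass(frozen=True)
class AppPolicy:
    allowed_groups: frozenset[str]
    require_mfa: bool = True
    require_managed_device: bool = False
    require_disk_encryption: bool = False
    max_patch_age_days: int = 30


# Central policy: one entry per application "door", wherever the application runs.
# Application names, groups and thresholds are hypothetical.
POLICY: dict[str, AppPolicy] = {
    "expenses": AppPolicy(allowed_groups=frozenset({"staff"})),
    "hr-records": AppPolicy(allowed_groups=frozenset({"hr"}),
                            require_managed_device=True,
                            require_disk_encryption=True,
                            max_patch_age_days=14),
    "prod-admin": AppPolicy(allowed_groups=frozenset({"sre"}),
                            require_managed_device=True,
                            require_disk_encryption=True,
                            max_patch_age_days=7),
}


def decide(user: User, device: Device, app: str) -> tuple[bool, str]:
    """Return (allowed, reason). Every door is shut unless policy opens it."""
    policy = POLICY.get(app)
    if policy is None:
        return False, f"{app}: no policy registered, default deny"
    # 1. authenticate the user
    if policy.require_mfa and not user.mfa_verified:
        return False, f"{app}: MFA not completed"
    # 2. check the device against what this door demands
    if policy.require_managed_device and not device.managed:
        return False, f"{app}: unmanaged device"
    if policy.require_disk_encryption and not device.disk_encrypted:
        return False, f"{app}: disk not encrypted"
    if device.os_patch_age_days > policy.max_patch_age_days:
        return False, (f"{app}: device patched {device.os_patch_age_days}d ago, "
                       f"policy allows {policy.max_patch_age_days}d")
    # 3. authorise the user for this specific door
    if user.groups.isdisjoint(policy.allowed_groups):
        return False, f"{app}: {user.name} is not in an allowed group"
    return True, f"{app}: allowed for {user.name}"


# Constructed sample identities and devices.
ALICE = User("alice", frozenset({"staff", "hr"}), mfa_verified=True)
BOB = User("bob", frozenset({"staff"}), mfa_verified=False)
CORP_LAPTOP = Device(managed=True, disk_encrypted=True, os_patch_age_days=3)
PERSONAL_PHONE = Device(managed=False, disk_encrypted=True, os_patch_age_days=10)


if __name__ == "__main__":
    for user, device, app in [(ALICE, CORP_LAPTOP, "hr-records"),
                              (ALICE, PERSONAL_PHONE, "hr-records"),
                              (ALICE, PERSONAL_PHONE, "expenses"),
                              (BOB, CORP_LAPTOP, "expenses"),
                              (ALICE, CORP_LAPTOP, "prod-admin"),
                              (ALICE, CORP_LAPTOP, "payroll")]:
        print(decide(user, device, app))
```

The order of the checks matters for the end-user experience: the reason returned is the first thing the user or the helpdesk needs to fix, and an application nobody has registered in the central policy is unreachable rather than accidentally open.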

The crucial thing is to ‘use what you’ve got’ before replacing everything and making sure that it all comes back to the problem you’re trying to solve. At Cisco we’re committed to third party integration so that our customers are better protected. The bad guys are working collaboratively and connected, so we need to make sure, as an industry, that we’re doing the same. Otherwise we will always be playing the hackers’ game, and having the rules dictated to us.