Uncovering today’s most impactful security practices

Security teams today are facing extraordinary challenges – securing and supporting the rapidly accelerated “work from anywhere” model, protecting a workforce under stressors unlike anything we’ve seen before, and battling a threat landscape that’s constantly adapting to exploit cracks in the system. As the Chief Information Security Officer at Cisco, I am laser-focused on building a program that securely enables our business and allows us to effectively manage risk. And since Cisco always aims to put the customer first, this extends to all parts of our organization, especially security.

Now more than ever, the strategies for accomplishing effective security require that we hone in on the opportunities these unique times present us to transform, modernize, adapt, and overcome. However, it’s not always clear how we can best do that – whether we should invest in improved practices, more professionals, or additional technology. Sometimes our resources simply don’t allow us to do it all.

Key steps for security success

The latest report in our Cybersecurity Report Series is designed to inform the key security decisions that can help us make critical transformations. As the evolution of our previous CISO Benchmark Report, the new Cisco 2021 Security Outcomes Study takes a revolutionary look at the security practices that most influence program success. For example, we found that security teams who proactively refresh their technology, as well as integrate their tools, can significantly improve their risk posture. This makes sense, as an up-to-date, simplified set of technologies is more effective than a complex group of outdated, disjointed products.

Altogether, we analyzed 25 security practices to determine which provide the most opportunity for strengthening organizational defenses. The research is based on a survey of more than 4,800 IT, security, and privacy professionals across 25 different countries, as well as various industries and organizational sizes. Our goal with the study was to make security less elusive. We don’t want you to waste time or money trying things that don’t work. Instead, we offer a blueprint for directly mapping specific actions to their likelihood of fostering greater security outcomes.

We also take it a step further. Some security groups may want to see overall improvements to their program and just need a place to start. Others may have more specific goals in mind. For example, they may want to gain the confidence and trust of executive leadership. Or perhaps they wish to strengthen their overall security culture across all employees and make security a more natural extension of doing business.

In the report, we look at nearly a dozen common security goals such as these. From there, we correlate these goals with the 25 security practices mentioned above to determine which actions most increase the chances of achieving certain outcomes. For instance, we discovered that having up-to-date technology can increase executive confidence in the security organization, and that well-integrated tools can help employees embrace security.

Modern security technologies such as multi-factor authentication and strong endpoint protection keep an organization safer and can provide the executive team with greater peace of mind. And no one wants to work with complicated, siloed tools, making people more willing to embrace security if it’s simpler.

Access the full Cisco 2021 Security Outcomes Study

Renewed focus for the year ahead

Insights such as these can be a real game-changer for security organizations that are looking to make improvements but aren’t sure where to begin. And to be honest, this applies to all security groups at one time or another. Even the largest, most well-funded organizations have to continuously reassess their plans and investments in response to the changing ways in which they do business, or in the aftermath of an incident or major global event.

Personally, this study analyzes several worthy security goals that I’m striving to achieve. These include enhancing the overall security culture of my organization (as highlighted above), as well as preventing major security incidents, just to name a few. As part of our analysis for the report, we also asked respondents whether they are following a zero trust security model, which is another crucial element of security at Cisco. According to our survey, 39 percent of respondents are fully embracing zero trust, while another 39 percent are moving towards the model.

As I mentioned earlier, a sharp focus on customers is paramount to how Cisco operates. That’s why I’m pleased to see that several of the security outcomes included in the report involve enabling the business – not just securing it, but also playing a significant role in the organization’s overall growth and success. Evaluating the security practices that most influence this type of outcome would be beneficial for any customer-focused organization, since a strong security mindset can help a business better protect and serve its customers.

Listen to Wendy Nather, Head of Advisory CISOs at Cisco, and Wade Baker,
Partner at the Cyentia Institute, discuss
why this report is a must-read for security professionals.

A year-round resource for 2021

We hope this study can serve as a resource for you throughout 2021 as you make additional investments and implement new security measures. I know it will serve as a valuable tool for me and my team. Alongside providing the main report, we continue to analyze the data to bring you additional resources including a blog series, and several companion reports that cover specific regions and verticals.

As a fellow security professional, I wish you all the best as we leverage our learnings from 2020 to charter a new course forward. And as always, if you need further guidance, Cisco is here to help.

Watch the replay of our live broadcast to learn about the key findings from our 2021 Security Outcomes Study:
Proven Factors for Your Security Program



Mike Hanley

No Longer with Cisco