At LEAP, Cisco released the KSA findings of its latest Security Outcomes Report, focusing on “Achieving Security Resilience”. Now in its third year, the report is Cisco’s annual security study and consists of responses from more than 4,700 participants across 26 countries, including Saudi Arabia. It identifies the top success factors that boost enterprise security resilience and measures responses against these factors to identify the biggest strengths and weaknesses in current enterprise security deployments.
Why Security Resilience Is Important in Saudi Arabia
The findings in Saudi Arabia revealed that 54 percent of organizations surveyed had experienced a security event that impacted business. The most common incidents were distributed denial of service attacks (60 percent), network or system outages (54 percent), and malicious insider abuse events (40 percent).
These incidents resulted in severe effects for the companies experiencing them, along with the ecosystem of organizations they do business with. With incidents this impactful (64 percent of organizations globally affirmed that cybersecurity incidents impact their resilience) it is no surprise that the main objectives of security resilience are to prevent incidents and mitigate losses when they occur.
Salman Faqeeh, Managing Director, Cisco Saudi Arabia commented: “In the last few years, the Kingdom has taken confident steps towards digitization, bringing new opportunities to the country. This progress must be accompanied hand-in-hand by a sharp focus on cybersecurity.”
He added: “Cisco is uniquely positioned to support the government and businesses of all sizes and across industries in the kingdom, addressing the cyber security challenges they are facing, and helping them increase their security resilience. Our presence at LEAP this year provides us with the perfect platform to engage with our partners and customers while demonstrating our latest range of security innovations and solutions for safer, more secure, and more efficient operations.”
Seven Success Factors of Security Resilience
The report develops a global methodology to generate a security resilience score for the organizations surveyed, identifying seven data-backed success factors most impactful to an organization’s security resilience. These include establishing executive support; cultivating a culture of security; simplifying hybrid cloud environments; maximizing zero trust adoption; extending detection and response capabilities; and taking security to the edge. If achieved, these factors would boost our measure of an organization’s overall security resilience from the bottom 10th percentile to the top 10th percentile.
Globally, security is a human endeavor, as leadership, company culture, and resourcing have a significant impact on resilience:
- Organizations that report poor security support from the C-suite scored 39 percent lower than those with strong executive support.
- Businesses that cultivate an excellent security culture scored 46 percent higher on average than those without.
- Companies that maintain extra internal staffing and resources to respond to incidents resulted in a 15 percent boost in resilient outcomes.
Businesses need to take care to reduce complexity when transitioning from on-premise to fully cloud-based environments:
- Companies whose technology infrastructures are either mostly on-premise or mostly cloud-based had the highest, and nearly identical, security resilience scores. However, businesses that are in the initial stages of transitioning from an on-premise to a hybrid cloud environment saw scores drop between 8.5 and 14 percent depending on how difficult the hybrid environments were to manage.
Adopting and maturing advanced security solutions saw significant impacts on resilient outcomes:
- Companies that reported implementing a mature zero trust model saw a 30 percent increase in resilience score compared to those that had none.
- Advanced extended detection and response capabilities correlated to an incredible 45 percent increase over organizations that report having no detection and response solutions.
- Converging networking and security into a mature, cloud-delivered secure access services edge (SASE) boosted security resilience scores by 27 percent.