Security awareness and cloud: these are the key points of the strategy that CISOs (corporate IT security managers) have put in place to deal with increasingly frequent and damaging cyber attacks. This is what emerged from the CISO Benchmark 2019, a study conducted by Cisco on a sample of three thousand security leaders from 18 countries.
A common view among CISOs is that security doesn’t just depend on hardware and software tools: increasingly, employees are unwittingly responsible for spreading an attack. In fact, email remains the main means through which cyber threats infiltrate corporate systems. Phishing, combined with the risky behavior of employees, their clicks on malicious links and the lack of attention paid to password management, has prompted CISOs to invest more and more in security training, to develop increasingly stringent IT security policies and to subject employees to numerous operational tests in the form of fake hacker attacks.
As far as the technologies used are concerned, there is a significant decline in trust in artificial intelligence and machine learning, which, although considered essential in the management of alerts, still appear too immature to represent the cutting-edge technology capable of dealing with malicious attacks. In particular, we note that:
- Trust in machine learning declined to 69% in 2019 from 77% in 2018.
- Trust in AI has dropped to 66% from 74% in 2018.
- Confidence in automation has dropped to 75% from 83% in 2018.
On the other hand, trust in the cloud, which is considered more reliable, is growing:
- 93% of CISOs surveyed said migrating to the cloud has made their team more efficient.
- The perceived difficulty of securing cloud infrastructure dropped to 52% in 2019, compared to 55% in 2017.
- Thanks to the cloud, 51% of companies have been able to contain the costs related to cyber breaches.
Cloud computing therefore remains the winning solution for those looking for security and flexible and scalable solutions.