The 2020 CISO Benchmark Study: A Single Integrated Platform Can Thwart Alert Fatigue
The CISO Benchmark Study: Securing What's Now and What's Next
The 6th annual CISO Benchmark Study just dropped and it is chock full of valuable information gathered from 2,800 cybersecurity IT decision makers from 13 countries to deep dive into their thoughts, feelings and concerns around their current security solutions. The report complies a top 20 list of considerations for CISOs you can share with other members of your C-suite, or your board of directors, to make concrete recommendations for improving your organization’s security posture. A 20/20 vision for the future awaits you.
According to the World Economic Forum, cyberattacks are perceived as the #2 global risk of concern to business leaders in advanced economies, second only to fiscal crises.
In this report you will discover some key takeaways like:
1. The best way to allocate spend is through income-based objectives
2. Exactly how critical are unpatched vulnerabilities?
3. How challenging is it to protect the mobile workforce?
We asked our survey respondents to tell us how difficult it is to protect various aspects of their infrastructure due to remote access or BYOD devices. More than half (52%) told us that mobile devices are now very or extremely challenging to defend. They’ve overtaken user behavior, which was the biggest challenge from last year’s report .
With a zero-trust framework, you can identify and verify every person and device trying to access your infrastructure. Zero trust is a pragmatic and future-proof framework that can help bring effective security across your architecture – spanning the workforce, workload, and workplace .
A zero-trust framework achieves these three success metrics, among others:
- The user is known and authenticated
- The device is checked and found to be adequate
- The user is limited to where they can go within your environment Having zero trust in place removes much of the guesswork in protecting your infrastructure from all potential threats, including mobile devices .
4. Can vendor consolidation prevent alert burnout?
Our data showed that, for the organizations who are suffering from cyber fatigue, they are far more likely to find a multi-vendor environment challenging. Alongside having to respond to too many alerts and struggling with vendor complexity, we found that having a more impactful breach (in terms of the number of hours of downtime) also increases cyber fatigue. But with over 96% of fatigue sufferers saying that managing a multi-vendor environment is challenging, complexity appears to be one of the main causes of burnout.
The trend to reduce complexity through vendor consolidation continues, holding steady with 86% of organizations using between 1 and 20 vendors, and only 13% using over 20 (Figure 7) .