As you engage with your customers about their cybersecurity practices and investments, achieving security resilience is the goal for organizations of all sizes. Two years ago, we started the conversation focused on what works in cybersecurity with the launch of our first Security Outcomes report. And last year, we explored that question further by focusing on the outcomes that are most relevant for small and midsize businesses in our 2021 Security Outcomes Study.
This week we launched our Security Outcomes Report, Volume 3: Achieving Security Resilience. In this report, Cisco Secure explores seven data-backed success factors critical for boosting cyber resilience. By analyzing the data collected from over 4,700 security professionals across 26 countries, we set out to identify the vital organizational, IT and security components businesses of all sizes should implement to move toward greater resilience in the face of emerging threats.
Many organizations from small to enterprise trust the expertise from a partner to help strengthen their cybersecurity strategy amidst the rapid and often disruptive changes of today's business environment. The goal of this report is to help your customers make more informed, confident decisions around their cybersecurity strategies to set their organizations up for success no matter what the future holds. Aligning your customers' security investments and decisions with outcomes to help them achieve security resilience allows you-as a#CiscoSecurePartner-to continuously act as a trusted advisor across your customers' businesses.
Leaders looking to improve security resilience might start at the top by establishing executive support, but they shouldn't stop there. They should endeavor to cultivate a culture of security throughout the organization, because our data shows that organizations able to do that will see a 46% boost in resilience scores over those with poor securityculture.
In a strong security culture, employees are treated as part of the solution rather than the problem. Security staff understand their role in the context of the organization and non-security staff know they have a role to play too. This may be seen by regularly reporting phishing attempts, potential malware, and other incidents. Security isn't a negative theme in employee satisfaction surveys or exit interviews. Conversely, frequent security policy violations and workarounds are evidence of poor security culture.
"By 'culture,' we don't mean annual compliance-driven awareness training. Cybersecurity awareness is what you know; security culture is what you do. When organizations score better at being able to explain just what it is that they need to do in security and why, they make better decisions in line with their security values, and that leads to better overall security resilience."
-Wendy Nather, Head of Advisory CISOs, Cisco
Cloud architecture and migration have been big topics for quite some time now among IT and security teams alike. Many have gone all-in on the cloud from infrastructure to software, while some remain staunchly entrenched in their on-premises environments. But which of those strategies is more conducive to security resilience? Would you believe that the answer is both?
Organizations with more extensive hybrid environments exhibit resilience scores that are statistically on par with the on-premises (or fully cloud) baseline-provided they're able to simplify management. If not, those resilience gains are erased as the organization languishes in that hard-to-manage hybrid state. Overall, there's a 15% difference in resilience scores between early hybrid cloud environments that are difficult to manage and advanced cloud deployments that are simpler to manage.
The acceleration in hybrid work-including a mobile workforce, the proliferation of devices, and the hyper-distribution of applications over multiple cloud providers-has resulted in growing challenges to securing this widespread interconnectivity that outpaces human scale. The current prevailing secure connectivity model is inadequate to address these challenges. As a result, end users and IT professionals alike face a reality where their experiences are both fragmented and exposed. Secure access service edge (SASE) offers a strategy to converge networking and security into a cloud-delivered service, simplify operations, and remain resilient in the face of ever-changing business demands. Do we have evidence from our report that SASE does indeed correlate with improved resilience? Yes! Read more on this in the report.
It's hard to protect against new threats with yesterday's technology. A strong refresh practice also presents a great opportunity for you as the partner. Cisco Secure has some compelling partner offers built out for migration and competitive displacement, most notably we have new discounts specific to our Cisco Secure Firewall and a Partner-led One Year On Us offer that you should leverage.
I encourage all of our partners to check out all of the findings in the Security Outcomes Report, Volume 3: Achieving Security Resilience and share it with your customers. Take these findings into your customer engagements and use them as a foundation for a discussion about the outcomes your customers are hoping to achieve and how you can help them take that next step. Together we can help support our customers to use their security investments to grow their businesses and achieve extraordinary outcomes.
We'd love to hear what you think. Ask a Question, Comment Below, and Stay Connected with#CiscoPartners on social!
Cisco Partners Facebook | @CiscoPartners Twitter | Cisco Partners LinkedIn| @CiscoPartners Twitter | Cisco Partners LinkedIn