
Security, Networking Collaboration Cuts Breach Cost

CISOs report increases in alert fatigue and the number of records breached, as well as the struggle to secure mobile devices in a new Cisco study.

RSA CONFERENCE 2020 - San Francisco - The security team, instead of operating in silos, can lower overall post-breach costs if it collaborates with other teams across the organization.

Cybersecurity is still a top priority for executive leadership, researchers say in Cisco's "2020 CISO Benchmark Report." The survey of 2,800 IT decision-makers reveals key trends and pain points as companies face issues such as alert fatigue, mobile security, and private cloud security.

Ninety percent of respondents agree business executives have created clear metrics for assessing the effectiveness of a security program. Time-to-detect ranks highest as a key performance indicator (KPI); however, for reporting to the C-suite or board, time-to-remediate is equally key because it represents the total impact of an incident: downtime, records affected, cost of investigation, lost revenue, lost customers, lost opportunities, and out-of-pocket costs.

Organizations reporting more than 100,000 records compromised in their most severe breach grew from 15% in 2019 to more than 19% in 2020. A major incident has the greatest effect on business operations (36%), followed by brand reputation (33%), finances (28%), intellectual property (27%), customer retention (27%), and supplier relationships (26%), researchers found.

Alert fatigue is a major issue when you consider the number of security products cluttering enterprise environments. There is a gradual trend to reduce complexity through vendor consolidation, with 86% of businesses using up to 20 vendors, and only 13% using more than 20. In 2019, 15% of companies used more than 20 vendors; in 2018, that number was up to 21%.

"We're starting to see this move toward fewer consoles and move toward greater collaboration with other teams," says Wolf Goerlich, advisory CISO with Duo Security (now under Cisco). "CISOs who act on those two trends have better outcomes for the organization."

As companies consolidate their vendor use, they report greater difficulty handling the tools they have: 28% feel managing a multivendor environment is "very challenging," up from 20% in 2017. More than half (53%) feel it's "somewhat challenging" and fewer (17%) say the process is easy. "My team is stretched beyond the capabilities for which they can be effective," says Ben Munroe, director of product at Cisco, of common customer concerns.

Respondents who report alert fatigue are more likely to struggle in a multivendor environment: Of those who claim fatigue, 93% receive at least 5,000 alerts per day. The percentage of companies receiving 5,000 or fewer alerts per day dropped from 50% in 2017 to 36% in 2020; during the same time frame, the percentage receiving 100,000+ daily alerts grew from 11% to 17%.

Network, Security Collaboration Cuts Costs
More than 91% of respondents say they are "very" or "extremely" collaborative; collaboration between endpoint and security teams is also high, at 87%. This trend can have financial benefits in the aftermath of a breach. In 2020, 59% of companies that say they are very/extremely collaborative between networking and security teams experienced a financial impact under $100,000 for their biggest breach, the lowest category offered for breach cost.

"A lot of it has to do with dwell time: How do we detect what's going on in our environment; how do we remediate what's going on in our environment," Goerlich explains. "To detect, you have to have a really solid understanding of what's going on in our networks and the cloud infrastructure we're plugged into."

And who better to detect than the subject matter experts? The networking team has a better understanding of the environment; as a result, team members know what's typical and what isn't. "There's a reduction in time to detect because they understand what normal looks like, so they can help us understand what abnormal behaviors are," he continues.

The networking team can also help stop threats. When a security operations center analyst spots an event, often, because of good practices, they won't pull out the equipment. They'll pass this off to the subject matter experts, and the networking team takes over for quarantine, remediation, and cleanup.

"When you have those tight collaborations, you can say, 'This is what we see, this is what needs to happen,' and the handoff is much smoother," Goerlich says.

Key Concerns: Unpatched Vulnerabilities, Private Cloud
Forty-six percent of businesses report a security incident caused by an unpatched flaw, up from 30% in last year's study. Of those that suffered a major breach due to an unpatched bug, 68% suffered data loss of 10,000 records or more — significantly more than the 41% that lost the same amount due to breaches from other causes.

Mobile security is another key concern for this year's study: 52% of respondents say mobile devices are now "very" or "extremely" challenging to defend. Half of respondents say the same about securing private cloud infrastructure, and 41% say the same about securing network infrastructure.

Building on Data: Cisco SecureX Launch
Alongside the release of its "2020 CISO Benchmark Report," Cisco today launched a new security platform, SecureX. It is meant to connect Cisco security products with the tools in existing enterprise infrastructure, to improve visibility for endpoints, applications, networks, and cloud. The idea is to provide a single view of threat detections and policy violations in one place.

"Fatigued organizations, an overwhelming number of alerts, a need for automation [are] directly reflected in the way we have brought SecureX to market," says Munroe.

SecureX can scan data and traffic from Amazon Web Services, Microsoft Azure, and Google Cloud, along with private data centers. Security operations teams can share context with IT operations and network operations to create and strengthen security policies across workflows, facilitating the level of collaboration that can potentially drive down the cost of an incident.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ...
