Cisco: 54% of Businesses Suffered a Cyber Attack in 12 Months

KEY TAKEAWAYS

  • 54% of 8,000 surveyed organizations faced cyber attacks in the past year, with just 3% deemed "Mature" in readiness against attacks.
  • Cyber threats are escalating due to advanced phishing tactics and an underground market for cybercrime services.
  • 73% of business leaders expect incidents in the next 12-24 months.
  • Insecure and unmanaged devices pose a significant risk — with Work From Home offering so many more vector points for attackers.

Tech giant Cisco has released its 2024 Cybersecurity Readiness Index, which surveys 8,000 private sector security and business leaders — and found that 54% had experienced a cyber attack in the last year.

There are many reasons for this high rate of compromise, but one of the most significant is the rise of distributed remote working and hybrid working environments, which can be more difficult to secure as data is often accessed offsite by unmanaged resources.

As it stands, Cisco finds that just 3% of organizations globally have the “Mature” level of readiness needed to be resilient against today’s cybersecurity risks, compared to 15% last year. This lack of preparedness is also creating a crisis of confidence, with 73% of leaders believing they will experience a security incident in the next 12-24 months.

The study highlights that organizations need to be much more proactive about securing distributed and remote work environments and investing in future-proof cybersecurity practices.

The Challenges of Securing Remote Work Environments

Cybersecurity is becoming increasingly challenging due to the fact that cyber attacks are more accessible to threat actors than ever before.

After all, not only has the rise of large language models (LLMs) like ChatGPT made it easier for cybercriminals to develop phishing and social engineering scams, but there’s also an underground economy of initial access brokers and ransomware as a service (RaaS) providers providing access to advanced threats.

These challenges are enough to contend with — but it’s the widespread adoption of distributed working and remote working post-COVID-19 that makes them even more difficult to address.

Today, data doesn’t just reside in a ring-fenced network but moves fluidly across multiple devices and applications, through cloud environments, and on and offsite. All too many organizations are complacent about using legacy cybersecurity approaches to secure data in a threat landscape that’s simply moving too fast.

“We cannot underestimate the threat posed by our own overconfidence,’ said Jeetu Patel, executive vice president and general manager of security and collaboration at Cisco, in the announcement press release.

“Today’s organizations need to prioritize investments in integrated platforms and lean into AI in order to operate at machine scale and finally tip the scales in the favor of defenders.”

One of the key issues to contend with in distributed environments is the high presence of insecure and unmanaged devices, with the study revealing that 85% of companies have employees accessing company platforms from unmanaged devices.

These devices can be problematic if the user doesn’t keep devices updated with the latest patches, particularly when 52% of organizations breached said the remedy cost at least $300,000.

The Way Forward: Cyber Readiness and Generative AI

In light of these challenges, Cisco’s report provides a number of recommendations to mitigate potential risks.

These include accelerating investment in protective measures across the board, closing vulnerability gaps created by unmanaged devices and unsecured wifi networks (unspecified, but a BYOD policy would be a good place to start), and establishing a baseline of cyber readiness across the organization.

However, one of the more interesting recommendations is the adoption of generative AI. Cisco advises enterprises to stay up to date on the latest developments in generative AI so that they can better leverage these solutions to enhance enterprise security and augment or automate tasks.

“The meteoric rise of Generative AI continues to create a plethora of opportunities for organizations, and cybersecurity solutions are no exception. But AI has also been leveraged by bad actors to wreak havoc on unprepared targets. As such, integrating AI into frontline defenses has become a critical ingredient to cybersecurity readiness and forms a new pillar in this year’s index,” the report said.

The report noted that many companies are failing to capitalize on this disruptive technology, with 52% of organizations having yet to significantly incorporate AI into their security solutions.

Potential areas for deploying AI in cybersecurity include verifying security identities at scale, monitoring passwordless authentication, and cloud defense.

The Bottom Line

The cyber threat landscape may look bleak, but it’s still manageable for organizations that commit to investing in new technology and remain open-minded about remote working-friendly approaches.

Investing in cybersecurity, automating repeated manual tasks with AI, and setting policies on the use of unmanaged devices all have the potential to reduce the risk of compromise.

Given that remote working and hybrid working are here to stay, it’s important for organizations to put outdated legacy approaches to cybersecurity to the side.

Related Terms

Related Article