The 2016 Cisco Security report is in many ways an encouraging document, while it describes a litany of threats facing the modern business the fact managers are less confident about their defenses is a good thing.
Of the 2432 security executives surveyed 59% claimed their security infrastructure was up to date against 64 percent said the same. Acknowledging this is motivating them to improve their defenses.
For industry, the real concern is the small business sector where there’s a clear decline in the use of IT security tools. As the Target breach showed, trusted contractors and suppliers provide a weakness in an organisation’s systems that malicious actors are keen to exploit.
In Cisco’s analysis, the main reasons for SMBs lack of concern is their belief they are too small to be valuable to hackers and most of their IT management is outsourced.
A shift to the cloud shouldn’t be understated, particularly given many SMBs are shifting their IT functions onto cloud services. While this doesn’t fully protect businesses, the cloud providers certainly offer a far higher level of protection that the local plumbing contractor relying on a mom and pop computer support service.
The bad guys however are responding to that shift with Cisco reporting increased browser based and DNS attacks, both of these are useful in compromising cloud computing services which means both service providers and end users have to be vigilant about security.
At all levels of business though the lack of confidence in security has major ramifications as the Internet of Things is rolled out and common devices start being connected to fragile and often compromised networks.
The good news for vendors like Cisco is this lack of confidence could spur a new wave of business investment as companies improve their network security.
Another important aspect of CIOs and business owners not being confident about their network security is they are far less likely to assume their systems are safe or to passively accept vendor assurances about their safety.
For all of us a customers and users of these technologies, a greater focus on security by the organisations we deal with should be welcomed as well.