Organisations must prioritise resilience strategies

Survey reveals urgent need for prioritization of network and security architecture transformation and adoption of a Zero Trust ‘Resilient by Design’ approach for cyber resilience strategies in the face of inevitable future attacks.

A global survey from Zscaler reveals a critical disconnect between IT leader confidence in their organization’s ability to weather upcoming failure scenarios like cyberattacks and the effectiveness of current security approaches. According to the survey conducted by Sapio, which incorporated responses from 1,700 IT decision makers across 12 countries, almost half (49%) of IT decision makers believe their IT infrastructure is highly resilient and 94% think their current cyber resilience measures are effective. Contradicting this confidence, two-fifths (40%) of IT leaders haven’t reviewed their cyber resilience strategy in over six months, and only 45% report their strategy is up-to-date in preparation for modern attacks in response to the rise of AI–showing a disconnect between the level of confidence and taking action. With the threat landscape evolving and the devastating impact of ransomware attacks on businesses, organizations must evaluate their ability to respond to and plan for attacks– making it crucial to transition to a zero trust architecture.

Cyber resilience requires greater prioritization and urgency from leadership

Examining the disconnect between confidence levels and current strategies highlights a lack of investment from organizational leadership as a key friction point. Respondents indicate that a majority of leaders understand the growing importance of having a robust cyber resilience approach, but only a minority (39%) believe it is one of their leaders’ ‘top priorities’. This prioritization is reflected in the amount of budget assigned to cyber resilience strategies, with half of the respondents (49%) agreeing that the level of investment doesn’t meet the escalating need. From a total cost of ownership perspective, this suggests that spending additional funds on a legacy security model that isn’t working requires a new approach which can be accomplished with zero trust.

It is also evidenced by the lack of cyber resilience involvement from leadership. For most organizations, the burden of cyber resilience planning falls to IT leaders and their teams. Fewer than half (44%) of IT leaders say they have the CISO, for example, actively participating in any resilience planning. Further evidence of cyber resilience being siloed is the fact that only 36% of IT leaders say their cyber resilience strategy is included within their organization’s overall resilience strategy.

“The possibility of a major failure scenario for organizations is not an ‘if’ but ‘when’, as the statistics in our report show,” said Jay Chaudhry, CEO, Chairman and Founder, Zscaler. “It proves the need for proactive resilience to combat and mitigate inevitable incidents before they become a significant issue for business continuity. Proactive resilience is essential to address incidents before they threaten business continuity. Cyber resilience is foundational to overall business resilience, and outdated firewalls and VPNs allow persistent attacks, making a zero trust architecture crucial for defending against advanced threats. Leadership must collaborate with IT teams to develop a strong cyber resilience strategy based on Zero Trust, preparing for and mitigating the impact of sophisticated AI-driven attacks. We call this becoming ‘Resilient by Design’.”

Prevention is overprioritized compared to response & recovery

The majority (60%) of IT leaders believe their organization overly prioritizes prevention – with splits showing that over two fifths (43%) of cyber security strategies and budgets are focused on prevention, at the expense of response or recovery. This suggests that most organizations are not prepared for what would happen if a failure occurred and would struggle to recover business operations as quickly as needed. Even among those organizations focusing their efforts on prevention, fewer than half are deploying each of the following proactive security tools to contain the blast radius of cyberattacks and mitigate further damage: risk hunting (44%), Zero Trust micro segmentation (42%,) and deception technologies (35%).

“With the growing threat landscape including AI-based attacks and continued pressure to digitize not likely to abate any time soon, our attack surfaces are still expanding beyond our control. A robust and proactive resilience strategy, underpinned by a zero trust architecture, ensures a foundation that won’t crumble even in the wake of a successful attack, that can be remediated faster”, said James Tucker, Head of EMEA CISOs in Residence at Zscaler. “Therefore organizations need to transform their network and security architecture and adopt a zero trust ‘Resilient by Design’ approach to weather the dangers of a digital future.”

A Zero Trust architecture enables a ‘Resilient by Design’ approach

To mitigate cyber resilience risk, organizations should embed visibility and control into their security strategy. Understanding failure scenarios more quickly and thoroughly based on the insights from an AI-powered cloud security platform to mitigate the blast radius of an incident strengthens the resilience posture. This outcome is what Zscaler enables with a ‘Resilient by Design’ approach. Because cyber threats evolve and advance so quickly, Zscaler leverages AI to dynamically adjust access based on changing risk. The Zscaler Zero Trust Exchange reduces risk across all four stages of the attack chain and supports a ‘Resilient by Design’ approach:

• Minimize the attack surface

• Prevent initial compromise

• Eliminate lateral movement

• Stop data loss

Drata has entered into a definitive agreement to acquire SafeBase, the leading Trust Center...
New platform capabilities make businesses more secure with frictionless controls, automated...
In the second half of 2024, Mimecast processed more than 90 billion data points for over 42,000...
New report features novel research and insights to help security professionals outsmart and...
New innovations introduced at the show showcase the company’s leading portfolio designed to help...
Commvault Cloud enables easy, secure, CIS-hardened deployment across all major cloud hyperscaler...
Kyndryl’s end-to-end SASE services will help customers drive adoption of Palo Alto Networks’...
At least half of UK organisations are neglecting to assess their operational cyber risks, despite...