Cisco: Security teams are ‘overconfident’ about handling next-gen threats

Despite the dangers posed by new threats like generative AI, a new study from Cisco found that security teams are “overconfident” and comfortable in their ability to cope with a rapidly changing threat landscape.

The study published today surveyed more than 8,000 cybersecurity decision-makers around the world, and found that nearly three-quarters of them expected a cybersecurity incident to disrupt their business sometime in the next two years. Fully 80%, however, said that they were anywhere from “moderately confident” to “very confident” in their ability to deal with such incidents.

Cisco’s own analysis rated respondent organizations on the maturity of their security posture, from “beginner” at the low end to “mature” at the high end. Most rated as “formative,” or a step above beginner, with the bottom two categories making up 71% of organizations polled.

Part of the problem that most companies are facing, according to Cisco, is the complicated nature of their security stacks. More than two-thirds of respondents said that their company had more than 10 separate offerings in their security stack, and a quarter said they had 30 or more.

“This reflects the way in which the industry has evolved over the years,” the report read. “As new threats emerged, new solutions were developed and deployed to counter them, either by existing vendors or new ones.”

Frank Dickson, group vice president for IDC’s security and trust research practice, said that the concern about complicated tool stacks is far from a new one.

“We’ve been having that debate in security for ten years,” he said.

Efforts to centralize security systems have been around for just as long, he said, but for too long, the offerings peddled as “platforms” weren’t really anything of the sort — more bundles of interrelated products than true foundations for all-around security.

That’s finally beginning to change, however, Dickson said.

“We’re really starting to see big vendors offering truly integrated products that are decreasing complexity,” he noted. “And companies are now realizing that this ‘best-of-breed’ approach is untenable.”

The rise of generative AI, as well, represents a key threat to the security posture of the enterprise, according to the report. There are a number of different ways that generative AI may contribute to a worsening security landscape, including data theft and spam, but, according to Dickson, the biggest concern may be iterating on the present day’s most popular technique for initial compromise.

“The number-one way bad actors get into our networks is phishing emails, and it’s now a lot easier to send convincing ones,” he said.

To combat this and other threats, Cicso recommended several courses of action to businesses, including investment in cybersecurity, closing vulnerability gaps created by unmanaged devices, and keeping a weather eye on developments in generative AI technology.