思科发布的报告显示全球仅有 3% 的组织充分做好了应对网络威胁的准备

6个月前 68观看

思科系统公司今天发布了一份颇为令人不安的新报告。报告发现,全球仅有 3% 的组织在抵御当今网络安全风险的准备方面达到了所需的"成熟"水平。

The 2024 Cisco Cybersecurity Readiness Index, based on a double-blind survey of more than 8,000 private sector security and business leaders across 30 global markets, found that companies today are continuing to be targeted with techniques ranging from phishing and ransomware to supply chain and social engineering attacks. But though they are building defenses against these attacks, most are still struggling to defend against them, often slowed down by overly complex security postures that are dominated by multiple point solutions.

《2024 年思科网络安全就绪指数》(Cisco Cybersecurity Readiness Index)基于对全球 30 个市场的 8000 多名私营部门安全和业务领导者进行的双盲调查,结果发现,现在的企业仍然面临着来自网络钓鱼、勒索软件、供应链和社交工程攻击等多种技术手段的威胁。他们正在建立对抗这些攻击的防御措施,但大多数企业仍然难以有效地抵御这些攻击,而过于复杂的主要由多个点解决方案主导的安全体系往往会拖慢企业的步伐。

The report also highlights the challenges that organizations face in today's distributed working environments where data can be spread across limitless services, devices, applications and users.


Of those surveyed, 80% of companies feel moderately to very confident in their ability to defend against a cyberattack with their current infrastructure. That's despite the results finding that they are often lacking in readiness. The report suggests that the disparity between confidence and readiness may be due to misplaced confidence in their ability to navigate the threat landscape and not properly assessing the true scale of the challenges being faced.

在接受问卷调查的企业中,80% 的企业对自己目前的基础设施抵御网络攻击能力有信心的程度为中等甚至非常大。尽管调查结果发现这些公司往往缺乏准备,但这并没有影响他们的信心。报告认为,信心和准备度之间的差距可能是因为他们对自己在应对威胁环境中的能力过于自信以及没有正确评估所面临挑战的真正规模。

While companies may not be completely ready, they are mostly aware of the risks. Nearly three-quarters of respondents said they expect a cybersecurity incident to disrupt their business in the next 12 to 24 months. That expectation, in many cases, comes from past experience, with more than half of respondents saying that they had experienced a cybersecurity incident in the last 12 months. More than half of those affected also said it cost them at least $300,000.

虽然企业可能还没有完全做好准备,但大多企业已意识到了存在的风险。近四分之三的受访企业表示,他们预计在未来 12 到 24 个月内会发生导致业务中断的网络安全事件。这种预期在很多情况下来自于过去的经验,超过半数的受访企业表示他们在过去 12 个月中经历过网络安全事件。受影响的企业中超过一半的企业还表示,这些安全事件给他们造成了至少 30 万美元的损失。

In terms of what companies are doing to combat threats, 80% said that they had point solution overload — multiple point solutions that have slowed down their team's ability to detect, respond and recover from incidents. Two-thirds of respondents said that they have deployed t10n or more point solutions in their security stacks, while a quarter said they have 30 or more.

就企业为应对威胁所采取的措施而言,80% 的受访者表示他们面临着点解决方案过载的问题,多点解决方案降低了团队检测、响应和恢复事故的能力。三分之二的受访者表示,他们在安全堆栈中部署了 10 个或更多的点解决方案,而四分之一的受访者表示,他们部署了 30 个或更多的点解决方案。

The adoption of unmanaged devices was also highlighted, with 85% saying their employees access company platforms from unmanaged devices and 43% of those spend 20% of their time logged onto company networks from unmanaged devices. Additionally, 29% reported that their employees hop among at least six networks over a week.

报告还特别提到非托管设备的采用情况,85% 的受访者表示他们的员工通过非托管设备访问公司平台,其中的 43% 通过非托管设备登录公司网络的时间为 20%。此外,29% 的受访者表示,他们的员工一周内至少在六个网络之间切换。

Progress in trying to address security gaps was also found to be being hampered due to critical talent shortages. Some 87% said it was an issue and 46% said they had more than 10 roles related to cybersecurity unfilled in their organization at the time of the survey.

报告还发现,弥补安全漏洞的工作进展由于关键人才短缺而受到阻碍。约 87% 的受访者表示这是一个有待处理的问题,46% 的受访者表示在回答问卷期间他们的组织曾有超过 10 个与网络安全相关的职位空缺。

Despite the challenges, just over half said that they were planning to significantly upgrade their IT infrastructure in the next 12 to 24 months, up from a third that planned to do so last year. Organizations plan to upgrade existing solutions (66%), deploy new solutions (57%) and invest in artificial intelligence-driven technologies (55%). Nearly all companies said they plan to increase their cybersecurity budget in the next 12 months, and 86% of respondents say their budgets will increase by 10% or more.

尽管面临这些挑战,但仍有一半以上的受访者表示计划在未来 12 到 24 个月内大幅升级自己的 IT 基础设施,比去年的三分之一有所增加。另外,受访企业计划在升级现有解决方案(66%)、部署新的解决方案(57%)以及投资人工智能驱动的技术(55%)。几乎所有受访企业都表示,他们计划在未来 12 个月内增加网络安全预算,86% 的受访者表示他们的预算将增加 10% 或更多。

"To overcome the challenges of today's threat landscape, companies must accelerate meaningful investments in security," the report concludes. Recommendations include the adoption of innovative security measures and a security platform approach, strengthening network resilience, establishing meaningful use of generative AI and ramping up recruitment to bridge the cybersecurity skills gap.


