Over one-third of cybersecurity technologies used by Indian organisations are outdated, according to a recent study by Cisco.

According to the study titled “Security Outcomes Study Volume 2”, 37 per cent of cybersecurity technologies used by companies in India are considered outdated by security and privacy professionals working at these organisations.

The study is based on a global survey of more than 5,100 security and privacy professionals across 27 markets. This includes more than 2,000 professionals from 13 markets in Asia-Pacific.

Respondents, including professionals from companies in India, shared their approaches to updating and integrating their security architecture, detecting and responding to threats, and staying resilient when disaster strikes.

Also read: India doubled ransomware detection in Q3 2021 as compared to Q2: Report

33 per cent of respondents from India further considered their cybersecurity infrastructure unreliable while 49 per cent stated that it is complex. On the right side, companies in India are addressing these issues by investing in modern cybersecurity technologies to improve their security posture.

89 per cent of respondents in India said that their company is investing in a ‘Zero Trust’ strategy, while 44 per cent said that their organisation is making steady progress with adopting it. Further 45 per cent of survey respondents said that they are at a mature state of implementing it.

Additionally, 88 per cent said their company is investing in Secure Access Service Edge (SASE) architecture, with 44 per cent making good progress with adoption. A similar number of respondents added that the implementation of the architecture is at mature levels.

“These two approaches are crucial to building a strong security posture for companies in the modern cloud-first and application-centric world,” the report said.

“organisations are facing multiple challenges while operating in this environment, including complexity in connecting users to applications and data across various cloud platforms, inconsistent security policies across disparate locations and networks, difficulty in verifying the identity of users and devices, lack of end-to-end visibility of their security infrastructure, etc. The SASE architecture is widely seen as an effective way to address these challenges,” it added.

SASE combines networking and security functions in the cloud to deliver secure access to applications anywhere users work. Zero Trust, on the other hand, is a simple concept that involves verifying the identity of each user and device every time they access an organisation’s network to reduce security risks.

As per the study, organisations with mature implementations of Zero Trust or SASE architectures are 35 per cent more likely to report strong security operations than those whonare at a nascent stage of implementing these technologies.

Vishak Raman, Director, Security Business, Cisco India and SAARC, said, “Cisco’s Security Outcomes Study indicates where the biggest gaps lie in India Inc’s cybersecurity posture. In response, nearly 60 per cent of companies are expanding their investments in cloud-based security technology plans.”

Also read: Needed, consensus on data privacy rules

“As they ramp up these efforts, they must focus on building a robust cloud-based, integrated, and highly automated architecture to ensure agility and intelligence in threat remediation and enable visibility and management of newly distributed users and applications,” said Raman.

Globally, organisations that leverage threat intelligence record faster mean time to repair (MTTR), with rates 50 per cent lower than non-intel users. Those with integrated technologies are seven times more likely to achieve high levels of process automation, the study added. Additionally, these organisations have also recorded over 40 per cent stronger threat detection capabilities.

“Automation more than doubles the performance of less experienced staff, supporting organisations through skills and labour shortages,” it said.

With the cyberthreat landscape evolving continuously, it is becoming more critical to test business continuity and disaster recovery capabilities regularly and in multiple ways. Organisations proactive in these areas are 2.5 times more likely to maintain business resiliency.

Further, organisations with board-level oversight of business continuity and disaster recovery operations within cybersecurity teams perform best, it added.