SecurityBrief India - Technology news for CISOs & cybersecurity decision-makers
Story image
State of Digital Trust 2024: The antithesis of trust is overconfidence
Wed, 3rd Apr 2024

Earning the trust of your customers is not simply a case of having it until you lose it. It must be earned, and can be earned faster through demonstrable actions that prove you care about the details. So why do we see so many enterprise leaders assuming they're doing OK even if they have real work left on the table?

DigiCert surveyed 300 decision makers in organisations as large as 10,000 employees across North America, Europe, the Middle East, Africa, and Asia Pacific to explore their progress on specific, tangible measures around digital trust. For the 2024 report, we examined four categories of action for analysis: enterprise data; IoT and connected devices; software; and eSignature authenticity management.

We score their responses to real digital trust activity, from breaches to incident response handling, and split the results into the top third, Leaders, and the bottom third, Laggards. But in 2024, it may be the middle third of responses that worries us the most. When we examine how this group perceive their digital trust progress versus their actual progress, they think they're less vulnerable than they really are.

Australia has learned some very high profile lessons in digital trust over recent years, where organisations that would be widely assumed by customers to be cybersecurity leaders turned out to have significant shortcomings in technical implementation and incident response. This is likely to have performed something of a trust 'reset' in the market landscape, with trust assumptions lowered in favour of customer demand for clarity of action and preparedness. Those who can speak with specificity and credibility around their digital trust actions have the most to gain in a market where many are seeking reassurance.

Those landing in the Digital Laggard category are often there after experiencing incidents and seeing how much work needs to be done. They may be underway on their journey toward moving up the stack to join the Digital Leaders in future surveys. But for those in the middle ground they may be stagnant ahead of a dangerous drop when their overconfidence meets their next serious security incident.

The best way to better see your own shortcomings is to see where the Digital Leaders are succeeding, and where improvement is needed amongst the rest of the survey crowd. When we "don't know what we don't know", it can be important to look toward leadership to notice what's missing in your own enterprise.

Where Digital Leaders are winning on Digital Trust

There are obvious areas where Digital Leaders score well, such as low counts on breaches, outages and software supply chain compromises. But these are a kind of lagging indicator against other proactive work they have in place to achieve those counts both today and into the future. These include:

  • Active email security strategy
  • Ability to update and monitor IoT in the field
  • eSignature trust practices in place
  • Post-quantum cryptographic (PQC) preparedness

Together, these speak to policy preparedness and active security engagement that can be demonstrated to existing and potential customers. And while some Digital Laggards are likely to be investigating how they move from where they are today toward having such trust systems in place, the middle group may simply be ignorant to the importance of such systems until disaster strikes.

Targeting progress for the overconfident middle

We see a number of measures where the middle third may have some specific vulnerabilities – problems that sit in the grey zone but together suggest a need for wider digital trust policy and execution improvement. These are:

  • Departmental independence that hampers unified security management
  • Agility problems that can see risks grow in the midst of changing security standards
  • Poor device identity management practices that amplify vulnerabilities
  • Unsecured communications systems allowing room for targeted attacks
  • Inadequate code signing protections leaving the door open to exploits

These are all common problems for companies in the midst of digital trust transformation processes, and some align closely with the kinds of problems exploited in recent significant security events in the local market. But too few enterprise leaders place a sense of urgency against the need to solve these problems.

There are many competing demands for business improvement and investment in the difficult economic climate we face today. Proactive digital trust improvement can easily slip down the list. But it can often be the case that if you don't truly know you're on a path toward improvement, you may instead be heading steadily backward until you discover you've been passed by today's Laggards.