DomainTools has released its 2017 Cyber-security Report Card global research, which found that more than one in four organisations have been breached in the past 12 months, while 23 percent aren't sure if they have been breached or not.
Developed in conjunction with cyber-security veteran Byron Acohido, the survey of more than 550 security analysts, IT managers, and executives revealed that the majority of organisations are struggling to monitor and prevent cyber-attacks on their network.
When asked to grade their organisation's cyber-security program, 43 percent gave themselves a “C”, “D”, “F”, or “non-existent”, and only 15 percent gave themselves an “A”.
While there isn't a one-size-fits-all solution to network security, the “A” grade companies have several attributes in common, including a high level of automation, a threat intelligence framework, and a robust training program for security staff.
“Given that the sophistication and frequency of cyber-attacks are only expected to increase in the next year, any business that touches the internet – which is nearly all companies – is highly susceptible to a successful attack on their network,” said Acohido. “Based on the data from DomainTools' new global survey, we know that companies are aware of the cyber-dangers and are doing what they can to protect their networks, but knowing is only half the battle. As we have seen from the ‘A' grade companies, organisations must move beyond human-intensive processes and disparate systems in order to more effectively mitigate potential risk.”
Key findings of the DomainTools 2017 Cybersecurity Posture survey include:
Networks are inundated by cyber-attacks and security teams admit they can't detect or prevent them all. One-third of security pros are savvy enough to detect daily attacks, but the looming majority (66 percent) are unaware of the daily onslaught of malicious activity. While malware (76 percent) and spear-phishing (56 percent) are the most common types of threat vectors, business email compromise (25 percent) and DDoS attacks (24 percent) are on the rise.
Nearly one-third of respondents were the recipients of attempted cyber-extortion, also known as ransomware, which cost businesses more than US$1 billion in 2016.
Success ingredients: Automation, training, and threat intelligence make for an “A” grade enterprise.
“With devious hackers leveraging various tactics and threat vectors, it's clear there is no one-size-fits-all approach to protecting the network,” said Tim Helming, director of product management at DomainTools. “What's interesting about our new global survey data is to see the actual connection between hunting threats and secure networks, as the “A” companies that are more likely to drill down on forensic clues were less likely to be breached compared to the other companies, pointing to some of the necessary components of a more secure network.”
