Start Your FREE Membership NOW
 Discover Proven Ways to Be a Better Medical Office Manager
 Get Our Weekly eNewsletter, MOMAlert, and MUCH MORE
 Absolutely NO Risk or Obligation on Your Part -- It's FREE!
EMAIL ADDRESS



Upgrade to Premium Membership NOW for Just $90!
Get 3 Months of Full Premium Membership Access
Includes Our Monthly Newsletter, Office Toolbox, Policy Center, and Archives
Plus, You Get FREE Webinars, and MUCH MORE!
CYBERSECURITY

How would you grade your cybersecurity program?

DomainTools, a leader in domain name and DNS-based cyber threat intelligence, has released its 2017 Cybersecurity Report Card global research.

Developed in conjunction with cybersecurity veteran Byron Acohido, the survey took place in December 2016 and polled more than 550 security analysts, IT managers, and executives working in healthcare, government, finance, retail, and technology industries.

The survey revealed that the majority of organizations are struggling to monitor and prevent cyberattacks on their network.  More than one in four organizations have been breached in the past 12 months, while shockingly 23 percent aren’t sure if they have been breached or not.

Low grades for cybersecurity programs

When asked to grade their organization’s cybersecurity program, 43 percent gave themselves a “C”, “D”, “F”, or “non-existent”, and only 15 percent gave themselves an “A”.

While there isn’t a one-size-fits-all solution to network security, the “A” grade companies have several attributes in common, including a high level of automation, a threat intelligence framework, and a robust training program for security staff.

“Given that the sophistication and frequency of cyberattacks are only expected to increase in the next year, any business that touches the internet—which is nearly all companies—is highly susceptible to a successful attack on their network,” said Byron Acohido. “Based on the data from DomainTools new global survey, we know that companies are aware of the cyber dangers and are doing what they can to protect their networks, but knowing is only half the battle. As we have seen from the ‘A’ grade companies, organizations must move beyond human-intensive processes and disparate systems in order to more effectively mitigate potential risk.”

Key findings of the survey include:

1. Networks are inundated by cyberattacks and security teams admit they can’t detect or prevent them all

One-third of security pros are savvy enough to detect daily attacks, but the looming majority (66 percent) are unaware of the daily onslaught of malicious activity. While malware (76 percent) and spearphishing (56 percent) are the most common types of threat vectors, business email compromise (25 percent) and DDoS attacks (24 percent) are on the rise. Finally, nearly one-third of respondents were the recipients of attempted cyberextortion, also known as ransomware, which cost businesses more than $1 billion in 2016.

2. Automation, training, and threat intelligence make for an “A” grade enterprise

Of the 15 percent of companies that gave themselves an “A” grade, the vast majority (82 percent) boast a formalized training program for security staff, virtually all (99 percent) use some degree or a high level of automation within their security programs, and 78 percent use threat intelligence to follow up on forensic clues of an attack to protect the company.

These attributes compare starkly to lower-graded companies. For example, only 37 percent of the “C” companies and none of the “F” companies have a formalized training program, 63 percent of “D” companies use manual processes and are more likely to think they do not need automated processes.

What’s more, when asked if they have experienced a network breach in the past 12 months, only 15 percent of “A” companies have, compared to 27 percent of “C” companies, 38 percent of “D” companies, and 63 percent of “F” companies. In addition to more budget (50 percent) and more staff (49 percent), 42 percent of companies that did not grade themselves an “A” said that they need more time to evaluate and install technologies in order to be successful.

3. Amongst the disparate tools and strategies, threat hunting emerges as a top tactic

The overwhelming number of ways to attack a network naturally begets the need for a variety of protections. Almost all companies use more than one cybersecurity system, including:

  • firewalls (63 percent),
  • anti-phishing or other messaging security software (57 percent),
  • Security Information and Event Management (SIEM) systems (52 percent), and
  • threat intelligence platforms (42 percent).

More than one quarter (26 percent) spend 26 hours or more per week hunting threats in the network, and the vast majority (78 percent) find value in threat hunting—specifically in drilling down on forensic clues from phishing emails, such as domain name, IP address, or email address, and disclose that it leads to information that makes the organization more secure. Not surprisingly, “A” and “B” companies were more likely to follow up on clues and evidence compared to “D” and “F” companies.

“With devious hackers leveraging various tactics and threat vectors, it’s clear there is no one-size-fits-all approach to protecting the network,” said Tim Helming, director of product management at DomainTools. “What’s interesting about our new global survey data is to see the actual connection between hunting threats and secure networks, as the ‘A’ companies that are more likely to drill down on forensic clues were less likely to be breached compared to the other companies, pointing to some of the necessary components of a more secure network.”


Editor’s picks:

Secrecy in the age of social media: six ways to keep sensitive practice information offline


Beware of HIPAA-related text messaging risks


Improper data removal and poor enforcement of data retention policies create the ‘perfect storm’ for data breaches


Close

EMAIL ADDRESS


PASSWORD
EMAIL ADDRESS

FIRST NAME

LAST NAME

TITLE

COMPANY

PHONE

Try Premium Membership

(-0)