Tenable Network Security, Inc. has released findings from the 2017 Global Cybersecurity Assurance Report Card, in which the world’s information security practitioners gave global cybersecurity readiness a “C-” average with an overall score of 70 percent.
The 2017 Global Cybersecurity Assurance Report Card solicited insights from 700 security practitioners in nine countries and across seven industry verticals to calculate a global index score reflecting overall confidence that the world’s cyber defences are meeting expectations.
According to this year’s data, global cybersecurity confidence fell six points over 2016 to earn an overall score of 70 percent — a “C-” on the report card.
The overall decline in confidence is the result of a 12-point drop in the 2017 Risk Assessment Index, which measured the ability of respondents to assess cyber risk across 11 key components of the enterprise information technology (IT) landscape.
For the second straight year, practitioners cited the “overwhelming cyber threat environment” as the single biggest challenge facing IT security professionals today, followed closely by “low security awareness among employees” and “lack of network visibility (BYOD, shadow IT).”
“Today’s network is constantly changing — mobile devices, cloud, IoT, web apps, containers, virtual machines — and the data indicate that a lot of organisations lack the visibility they need to feel confident in their security posture,” said Cris Thomas, strategist, Tenable Network Security. “It’s pretty clear that newer technologies like DevOps and containers contributed to driving the overall score down, but the real story isn’t just one or two things that need improvement, it’s that everything needs improvement.”
2017 Key Global Findings
- Cloud Darkening - Cloud software as a service (SaaS) and infrastructure as a service (IaaS) were two of the lowest-scoring Risk Assessment areas in the 2016 report. SaaS and IaaS were combined with platform as a service (PaaS) for the 2017 survey and the new “cloud environments” component scored 60 percent (D-), a seven-point drop compared to last year’s average for IaaS and SaaS.
- A Mobile Morass - Identified alongside IaaS and SaaS in last year’s report as one of the biggest enterprise security weaknesses, Risk Assessment for mobile devices dropped eight points from 65 percent (D) to 57 percent (F).
- New Challenges Emerge - Two new IT components were introduced for 2017 — containerisation platforms and DevOps environments. DevOps is transforming the way software teams collaborate through increased consistency and automation, but it also introduces new security concerns. In fact, respondents reported just 57 percent confidence in the ability to assess security during the DevOps process.
At the same time, adoption of containerisation technologies like Docker is exploding as organisations look to accelerate innovation cycles and reduce time-to-market. Unfortunately, only 52 percent of respondents felt that their organisation had a handle on how best to assess risks within container environments.
2017 Overall Cybersecurity Assurance Report Cards by Country
- India: B (84 percent)
- United States: C+ (78 percent)
- Canada: C (75 percent)
- France: C (74 percent)
- Australia: C- (71 percent)
- United Kingdom: D (66 percent)
- Singapore: D (64 percent)
- Germany: D- (62 percent)
- Japan: F (48 percent)
2017 Overall Cybersecurity Assurance Report Cards by Industry
- Retail: C (76 percent)
- Financial Services: C- (72 percent)
- Manufacturing: C- (72 percent)
- Telecom & Technology: C- (70 percent)
- Health Care: D (65 percent)
- Education: D (64 percent)
- Government: D (63 percent)
Singaporean businesses scored the highest in risk assessment for cloud environments and DevOps environments, with a C- in both categories. Globally, however, this placed Singapore second for cloud environments, tied with the USA and only slightly behind India.
Areas of particular concern and weakness were containerisation platforms, personal devices (laptops, tablets and desktops) and datacenters, which all scored D. Singapore businesses also failed to review network risks continuously and aggregate risk intelligence, but interestingly scored a high of 71 percent at measuring security effectiveness. Singapore ranked second, with an overall D, among the Asian countries that were surveyed.
“We are encouraged by the security effectiveness of Singaporean organisations as well as the managing of cloud and DevOps environments. With Asian and Singaporean enterprises gearing up to adopt cloud environments, the survey reveals that Singaporeans are viewing cyber threats seriously and taking steps to mitigate their vulnerabilities. However, Singapore still lags behind in a number of areas which reinforces the need for constant improvement,” said Dick Bussiere, Technical Director for Asia Pacific, Tenable Network Security.