A worldwide survey of information security professionals has found that global cyber security readiness fell six points from 2016 to a C- average – an overall score of only 70 percent.
Tenable Network Security’s second annual Global Cybersecurity Assurance Report Card surveyed 700 security practitioners in nine countries and across seven industries, calculating a global index score based on two components: global risk assessment and global security assurance.
The risk assessment component measures the ability of respondents to assess cyber risk across 11 key parts of the enterprise information technology (IT) landscape.
The 2017 report found global confidence in the ability to accurately assess cyber risk dropped 12 percentage points over 2016, while cyber security assurance remained stable. The combined overall score was 70 per cent – a six point drop.
Australia was one of the only countries to improve slightly, gaining two points to achieve an overall score of 71 per cent due to an improvement in its security assurance score. However, Australia’s risk assessment score dropped six points to 64 per cent.
Australia now has a C- ranking for global cyber readiness.
According to the recent Australian Cyber Security Centre Threat Report 2016, the energy industry is one of the most targeted private sectors for cyber attacks in Australia.
For the second straight year, surveyed practitioners cited the “overwhelming cyber threat environment” as the single biggest challenge facing IT security professionals, followed closely by “low security awareness among employees” and “lack of network visibility”.
Cris Thomas, Strategist, Tenable Network Security, said, “Today’s network is constantly changing – mobile devices, cloud, IoT, web apps, containers, virtual machines – and the data indicate that a lot of organisations lack the visibility they need to feel confident in their security posture.
“It’s pretty clear that newer technologies like DevOps and containers contributed to driving the overall score down, but the real story isn’t just one or two things that need improvement, it’s that everything needs improvement.”
The key finding from the 2017 Global Cybersecurity Assurance Report Card include:
- Cloud Darkening: Cloud software as a service (SaaS) and infrastructure as a service (IaaS) were two of the lowest scoring Risk Assessment areas in the 2016 report. SaaS and IaaS were combined with platform as a service (PaaS) for the 2017 survey and the new ‘cloud environments’ component scored 60 per cent (D-), a seven point drop compared to last year’s average for IaaS and SaaS
- A Mobile Morass: Identified alongside IaaS and SaaS in the 2016 report as one of the biggest enterprise security weaknesses, Risk Assessment for mobile devices dropped eight points from 65 per cent (D) to 57 per cent (F)
- New Challenges Emerge: Two new IT components were introduced for 2017 – containerisation platforms and DevOps environments.
2017 Overall Cybersecurity Assurance Report Cards by Country:
- India: B (84 percent)
- United States: C+ (78 percent)
- Canada: C (75 percent)
- France: C (74 percent)
- Australia: C- (71 percent)
- United Kingdom: D (66 percent)
- Singapore: D (64 percent)
- Germany: D- (62 percent)
- Japan: F (48 percent)
Is your utility confident that it can handle cyber security threats?
Our event, Secure Utilities, to be held at the Rendezvous Hotel in Melbourne on 23 March 2017, will keep you up to date with the latest ideas and innovations to keep your utility’s assets and data safe.