Rating themselves, more infosec pros think their security posture is improving

Students hate being graded. Wouldn’t life be easier, many wonder, if we could grade ourselves?

Infosec pros from around the world have been given that chance by DomainTools, which today released its second annual self-assessed cyber security report card.

Assuming there’s honesty in anonymity, and the sample survey of 525 respondents from companies ranging in size and geography is representative, there are some signs of progress.

“Overall, report card grades improved in 2018, with 21 per cent of respondents giving their programs an ‘A,’ (up from 15 per cent) and 42 per cent rating their work at a ‘B,’” says the report.

“Use of automation, improvements in employee security training and a 10 per cent increase in the use of threat intelligence tools contributed to the boost in confidence.”

Also, the number of people who responded “I don’t know” when asked, “Which tools do you use as part of your organization’s defense approach?” decreased by about five per cent, “demonstrating a gradual improvement in program development,” says the report author.

Strategic use of automation technology plays a significant role among highly rated programs, the report found. So much so that 92 per cent of companies rating themselves as “A” said they use automation to simplify time-consuming processes. Conversely, “D” and “F” companies said their processes are highly manual. When compared to last year, there was an eight per cent decrease in the number of teams using manual processes and an increase among groups considering automated solutions.

Five per cent more organizations plan to step up security awareness training in the coming year than did last year, and the number of those that intend to skip training initiatives decreased by half from 2017.

The bad news from the survey

However, “one surprising finding,” says the report, “was the decrease in malware analysis when investigating attacks. Malware analysis declined by 12 per cent from 2017, and forensic analysis of compromised machines was scaled back by six per cent.” One potential reason for this, the report speculates, is that malware analysis tends to be a manual and time-intensive process.

Arguably just as worrisome is that 35 per cent of respondents admitted they don’t have the capability to expand from one threat indicator to a larger map of threat infrastructure. In fact, one-third said they spend less than five hours per week hunting for threats in the network.

Another interesting finding: 60 per cent said their organization has a formal training program for security staff. About 35 per cent said they’re planning to add one next year. Roughly 15 per cent of respondents said their firm doesn’t need a formal training program.

Finally, when asked what it would take for their organization to become an “A,” half said it would take a bigger budget, with about 45 per cent saying they’d need more staff, or more time to evaluate new technologies or increased automation.


Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
