SEATTLE – November 21, 2019 – DomainTools released today its annual Cybersecurity Report Card in which security analysts, threat hunters and other cyber professionals on the front lines self-grade the security posture of their organizations. Now in its third year, the survey responses build on the results of the previous 2018 and 2017 Report Cards and further strengthen and support numerous trends that have been playing out year-over-year. The report also provides insights into how successful organizations are adapting to the changing threat landscape.
Coming off a year in which major data breaches made headline news, it’s easy to conclude that security teams are losing the cybersecurity battle. However, security pros report real progress as confidence in their programs continues to grow: Thirty percent of respondents gave their program an “A” grade this year, doubling over two years from 15 percent in 2017. Less than four percent reported a “D” or “F”.
Security breaches among those surveyed are also continuing to decline year-over-year. The percentage of organizations that indicate they have been breached in the past 12 months has dropped from 26 percent in 2017 to 15 percent in 2019, according to the findings. The report also validates that automation is “working” and is playing an increasingly important role in securing these organizations.
“Cyber threats remain relentless and continue to evolve in complexity, so it is reassuring to see that the confidence of security teams in their security posture is growing in parallel with their success in defending against the latest attacks. It is also exciting to see the results of investments in automation and in-house SOCs paying off as the key components of driving this progress forward,” said Tarik Saleh, Senior Security Engineer & Malware Researcher.
Added Saleh, “Unfortunately, security teams report they are more short-staffed than ever, with the need for more staff as the number one hurdle to achieving an ‘A’ grade in 2019, overtaking budget issues from previous years.”
More than 500 security professionals from companies ranging in size, industry, and geography were surveyed to provide insight into what security initiatives are in use by top-rated organizations and where there remains room for improvement heading into 2020. Prominent findings include:
- In-house SOC: More than half (53%) of organizations now carry out security operations with a full in-house SOC, up 10 percent over 2017. Grade “A” respondents overwhelmingly rely on an in-house SOC to keep their grades high, with 78 percent reporting on their implementation.
- Automation: Automation is playing an increasingly important role in securing organizations, with 88 percent strongly agreeing or agreeing that automation has improved their staff’s technical skills and general knowledge of cybersecurity. 22 percent of organizations have a high level of automation compared to 45 percent of Grade “A” organizations, demonstrating the impact automation has on higher ratings of security posture.
- Threat hunting: Organizations are showing a greater emphasis on proactive threat hunting. 61 percent of organizations now utilize a threat intelligence platform, up 20 percent since the 2018 report. 75 percent of Grade “A” organizations rely on threat intelligence platforms.
- Forensic analysis: Forensic clues from phishing emails, such as domain name, IP address, or email address, are investigated by 76 percent of organizations and 90 percent of Grade “A” organizations. 86 percent of Grade “A” organizations also log DNS traffic for later forensic review.
- Finding threats faster: With year-over-year increases in the use of automation, in-house SOC and threat intelligence platforms, analysts are able to detect and respond to threats faster. Slightly over half (51%) of organizations with an “A” grade are able to detect active or suspected cyberattacks several times throughout the day.
The report also looked at the most common threat vectors that organizations detect. Malware, spearphishing, and business email compromise are the three most predominant forms of attack, with ransomware and DDoS both showing 10 percent declines since 2017.
Read the DomainTools 2019 Cybersecurity Report Card to get the full story and a more in-depth analysis of these findings plus many others. Download the report now.
DomainTools helps security analysts turn threat data into threat intelligence. We take indicators from your network, including domains and IPs, and connect them with nearly every active domain on the Internet. Those connections inform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure. Fortune 1000 companies, global government agencies, and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work. Learn more about how to connect the dots on malicious activity at http://www.domaintools.com or follow us on Twitter: @domaintools.