Research Report: Majority of Organizations Are in the Dark about Daily Network AttacksA quarter of enterprises experienced a breach in the past year, pointing to a reliance on multiple systems, limited budget and staff.
SEATTLE, January 25, 2017 – DomainTools, the leader in domain name and DNS-based cyber threat intelligence, today released its 2017 Cybersecurity Report Card global research. Developed in conjunction with cybersecurity veteran Byron Acohido, the survey of more than 550 security analysts, IT managers, and executives revealed that the majority of organizations are struggling to monitor and prevent cyberattacks on their network. More than one in four organizations have been breached in the past 12 months, while shockingly 23 percent aren’t sure if they have been breached or not. When asked to grade their organization’s cybersecurity program, 43 percent gave themselves a “C”, “D”, “F”, or “non-existent”, and only 15 percent gave themselves an “A”. While there isn’t a one-size-fits-all solution to network security, the “A” grade companies have several attributes in common, including a high level of automation, a threat intelligence framework, and a robust training program for security staff.
“Given that the sophistication and frequency of cyberattacks are only expected to increase in the next year, any business that touches the internet – which is nearly all companies – is highly susceptible to a successful attack on their network,” said Acohido. “Based on the data from DomainTools new global survey, we know that companies are aware of the cyber dangers and are doing what they can to protect their networks, but knowing is only half the battle. As we have seen from the ‘A’ grade companies, organizations must move beyond human-intensive processes and disparate systems in order to more effectively mitigate potential risk.”
Key findings of the DomainTools 2017 Cybersecurity Posture survey include:
Networks are inundated by cyberattacks and security teams admit they can’t detect or prevent them all
One-third of security pros are savvy enough to detect daily attacks, but the looming majority (66 percent) are unaware of the daily onslaught of malicious activity. While malware (76 percent) and spearphishing (56 percent) are the most common types of threat vectors, business email compromise (25 percent) and DDoS attacks (24 percent) are on the rise. Finally, nearly one-third of respondents were the recipients of attempted cyberextortion, also known as ransomware, which cost businesses more than $1 billion in 2016.
Success Ingredients: Automation, training, and threat intelligence make for an “A” grade enterprise
Of the 15 percent of companies that gave themselves an “A” grade, the vast majority (82 percent) boast a formalized training program for security staff, virtually all (99 percent) utilize some degree or a high level of automation within their security programs, and 78 percent use threat intelligence to follow up on forensic clues of an attack to protect the company. These attributes compare starkly to lower-graded companies. For example, only 37 percent of the “C” companies and none of the “F” companies have a formalized training program, 63 percent of “D” companies use manual processes and are more likely to think they do not need automated processes. What’s more, when asked if they have experienced a network breach in the past 12 months, only 15 percent of “A” companies have, compared to 27 percent of “C” companies, 38 percent of “D” companies, and 63 percent of “F” companies. In addition to more budget (50 percent) and more staff (49 percent), 42 percent of companies that did not grade themselves an “A” said that they need more time to evaluate and install technologies in order to be successful.
Amongst the disparate tools and strategies, threat hunting emerges as a top tactic
The overwhelming number of ways to attack a network naturally begets the need for a variety of protections. Almost all companies use more than one cybersecurity system, including firewalls (63 percent), anti-phishing or other messaging security software (57 percent), Security Information and Event Management (SIEM) systems (52 percent), and threat intelligence platforms (42 percent). More than one quarter (26 percent) spend 26 hours or more per week hunting threats in the network, and the vast majority (78 percent) find value in threat hunting – specifically in drilling down on forensic clues from phishing emails, such as domain name, IP address, or email address, and disclose that it leads to information that makes the organization more secure. Interestingly, “A” and “B” companies were more likely to follow up on clues and evidence compared to ”D” and “F” companies.
“With devious hackers leveraging various tactics and threat vectors, it’s clear there is no one-size-fits-all approach to protecting the network,” said Tim Helming, director of product management at DomainTools. “What’s interesting about our new global survey data is to see the actual connection between hunting threats and secure networks, as the “A” companies that are more likely to drill down on forensic clues were less likely to be breached compared to the other companies, pointing to some of the necessary components of a more secure network.”
DomainTools’s study polled over 550 global security professionals and executives working in finance, government, healthcare, retail, and technology industries. Regions include North America, EMEA, APAC and LATAM. The survey was conducted by DomainTools in conjunction with Byron Acohido in December 2016 and the full survey results are available upon request.
DomainTools helps security analysts turn threat data into threat intelligence. We take indicators from your network, including domains and IPs, and connect them with nearly every active domain on the Internet. Those connections inform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure. Fortune 1000 companies, global government agencies, and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work. Learn more about how to connect the dots on malicious activity at http://www.domaintools.com or follow us on Twitter: @domaintools.