IT disaster recovery, cloud computing and information security news

Organizations struggle to accurately assess cyber risk

Details
Published: Tuesday, 06 December 2016 08:56

Tenable Network Security, Inc., has released findings from its 2017 Global Cybersecurity Assurance Report Card. This provides a global index reflecting confidence in organizational cyber security. According to this year’s data, global cybersecurity confidence fell six points during 2016 to earn an overall score of 70 percent:  a ‘C minus’ on the report card. The overall decline in confidence is the result of a 12-point drop in the 2017 Risk Assessment Index, which measured the ability of respondents to assess cyber risk across 11 key components of the enterprise information technology landscape.

For the second straight year, practitioners cited the ‘overwhelming cyber threat environment’ as the single biggest challenge facing IT security professionals today, followed closely by ‘low security awareness among employees’ and ‘lack of network visibility (BYOD, shadow IT)’.

Key global findings from the 2017 Global Cybersecurity Assurance Report Card are:

  • Cloud software as a service (SaaS) and infrastructure as a service (IaaS) were two of the lowest scoring risk assessment areas in the 2016 report. SaaS and IaaS were combined with platform as a service (PaaS) for the 2017 survey and the new ‘cloud environments’ component scored 60 percent (D minus), a seven-point drop compared to last year’s average for IaaS and SaaS.
  • Identified alongside IaaS and SaaS in last year’s report as one of the biggest enterprise security weaknesses, risk assessment for mobile devices dropped eight points from 65 percent (D) to 57 percent (F).
  • Two new IT components were introduced for 2017: containerization platforms and DevOps environments. DevOps is transforming the way software teams collaborate through increased consistency and automation, but it also introduces new security concerns. In fact, respondents reported just 57 percent confidence in the ability to assess security during the DevOps process. At the same time, adoption of containerization technologies like Docker is exploding as organizations look to accelerate innovation cycles and reduce time-to-market. Unfortunately, only 52 percent of respondents felt that their organization had a handle on how best to assess risks within container environments.

Tenable surveyed 700 IT security professionals employed by organizations with 1,000+ employees in September 2016 for the 2017 Global Cybersecurity Assurance Report Card.

For more information visit tenable.com/2017-global-cybersecurity-assurance-report-card



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

Cyber Response Guide
The Impact Tolerance Guide

Additional Resources

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.