A majority of organizations are falling down on ‘cyber hygiene’

Published: Tuesday, 14 August 2018 08:19

Tripwire, Inc., has released its ‘State of Cyber Hygiene’ report, which finds that more than 60 percent of organizations not leveraging established hardening benchmarks.

The survey, conducted in July in partnership with Dimensional Research, included responses from 306 IT security professionals.

Tripwire examined how organizations are implementing security controls that the Center for Internet Security (CIS) refers to as ‘Cyber Hygiene’. The survey found that almost two-thirds of the organizations admit they do not use hardening benchmarks, like CIS or Defense Information Systems Agency (DISA) guidelines, to establish a secure baseline.

“These industry standards are one way to leverage the broader community, which is important with the resource constraints that most organizations experience," said Tim Erlin, vice president of product management and strategy at Tripwire. "It's surprising that so many respondents aren’t using established frameworks to provide a baseline for measuring their security posture. It’s vital to get a clear picture of where you are so that you can plan a path forward."

Other key findings in the report include:

"When cyber attacks make the news, it can be tempting to think a new shiny tool is needed to protect your environment against those threats, but that’s often not the case," said Erlin. "Many of the most impactful and widespread cyber security issues stem from a lack of getting the basics right. Cyber hygiene provides the foundational breadth necessary to manage risk in a changing landscape, and it should be the highest priority cyber security investment."

To view the full State of Cyber Hygiene report, go to: https://www.tripwire.com/misc/state-of-cyber-hygiene-report-register/