Key findings of the DomainTools 2017 Cybersecurity Posture survey include:
Networks are inundated by cyberattacks and security teams admit they can’t detect or prevent them all
One-third of security pros are savvy enough to detect daily attacks, but the looming majority (66 percent) are unaware of the daily onslaught of malicious activity. While malware (76 percent) and spearphishing (56 percent) are the most common types of threat vectors, business email compromise (25 percent) and DDoS attacks (24 percent) are on the rise. Finally, nearly one-third of respondents were the recipients of attempted cyberextortion, also known as ransomware, which cost businesses more than $1 billion in 2016.
Success Ingredients: Automation, training, and threat intelligence make for an “A” grade enterprise
Of the 15 percent of companies that gave themselves an “A” grade, the vast majority (82 percent) boast a formalized training program for security staff, virtually all (99 percent) utilize some degree or a high level of automation within their security programs, and 78 percent use threat intelligence to follow up on forensic clues of an attack to protect the company. These attributes compare starkly to lower-graded companies. For example, only 37 percent of the “C” companies and none of the “F” companies have a formalized training program, 63 percent of “D” companies use manual processes and are more likely to think they do not need automated processes. What’s more, when asked if they have experienced a network breach in the past 12 months, only 15 percent of “A” companies have, compared to 27 percent of “C” companies, 38 percent of “D” companies, and 63 percent of “F” companies. In addition to more budget (50 percent) and more staff (49 percent), 42 percent of companies that did not grade themselves an “A” said that they need more time to evaluate and install technologies in order to be successful.
Amongst the disparate tools and strategies, threat hunting emerges as a top tactic
The overwhelming number of ways to attack a network naturally begets the need for a variety of protections. Almost all companies use more than one cybersecurity system, including firewalls (63 percent), anti-phishing or other messaging security software (57 percent), Security Information and Event Management (SIEM) systems (52 percent), and threat intelligence platforms (42 percent). More than one quarter (26 percent) spend 26 hours or more per week hunting threats in the network, and the vast majority (78 percent) find value in threat hunting – specifically in drilling down on forensic clues from phishing emails, such as domain name, IP address, or email address, and disclose that it leads to information that makes the organization more secure. Interestingly, “A” and “B” companies were more likely to follow up on clues and evidence compared to “D” and “F” companies.
“With devious hackers leveraging various tactics and threat vectors, it’s clear there is no one-size-fits-all approach to protecting the network,” said Tim Helming, director of product management at DomainTools. “What’s interesting about our new global survey data is to see the actual connection between hunting threats and secure networks, as the ‘A’ companies that are more likely to drill down on forensic clues were less likely to be breached compared to the other companies, pointing to some of the necessary components of a more secure network.”
DomainTools’s study polled over 550 global security professionals and executives working in finance, government, healthcare, retail, and technology industries. Regions include North America, EMEA, APAC and LATAM. The survey was conducted by DomainTools in conjunction with Byron Acohido in December 2016 and the full survey results are available upon request.
DomainTools helps security analysts turn threat data into threat intelligence. We take indicators from your network, including domains and IPs, and connect them with nearly every active domain on the Internet. Those connections inform risk assessments, help profile attackers, guide online fraud investigations, and map cyber activity to attacker infrastructure. Fortune 1000 companies, global government agencies, and leading security solution vendors use the DomainTools platform as a critical ingredient in their threat investigation and mitigation work. Learn more about how to connect the dots on malicious activity at http://www.domaintools.com or follow us on Twitter:@domaintools.