Coming off of a year of major data breaches making headline news, it’s easy to draw the conclusion that security teams are losing the cybersecurity battle, a DomainTools survey reveals.
Security teams remain confident
Security pros are reporting real progress being made as confidence in their programs continues to grow: Thirty percent of respondents gave their program an “A” grade this year, doubling over two years from 15 percent in 2017. Less than four percent reported a “D” or “F”.
Security breaches among those surveyed are also continuing to decline year-over-year. The percentage of organizations that indicate they have been breached in the past 12 months has dropped from 26 percent in 2017 to 15 percent in 2019, according to the findings.
The report also validates that automation is “working” and is playing an increasingly important role in securing these organizations.
“Cyber threats remain relentless and continue to evolve in complexity, so it is reassuring to see that the confidence of security teams in their security posture is growing in parallel with their success in defending against the latest attacks.
“It is also exciting to see the results of investments in automation and in-house SOCs paying off as the key components of driving this progress forward,” said Tarik Saleh, Senior Security Engineer & Malware Researcher. “Unfortunately, security teams report they are more short-staffed than ever, with the need for more staff as the number one hurdle to achieving an ‘A’ grade in 2019, overtaking budget issues from previous years.”
In-house SOC: More than half (53%) of organizations now carry out security operations with a full in-house SOC, up 10 percent over 2017. Grade “A” respondents overwhelmingly rely on in-house SOC to keep their grades high, with 78 percent reporting on their implementation.
Automation: Automation is playing an increasingly important role in securing organizations, with 88 percent strongly agreeing or agreeing that automation has improved their staff’s technical skills and general knowledge of cybersecurity.
22 percent of organizations have a high level of automation compared to 45 percent of Grade “A” organizations, demonstrating the impact automation has on higher ratings of security posture.
Threat hunting: Organizations are showing a greater emphasis on proactive threat hunting. 61 percent of organizations now utilize a threat intelligence platform, up 20 percent since the 2018 report. 75 percent of Grade “A” organizations rely on threat intelligence platforms.
Forensic analysis: Forensic clues from phishing emails, such as domain name, IP address, or email address are investigated by 76 percent of organizations and 90 percent of Grade “A” organizations. 86 percent of Grade “A” organizations also log DNS traffic for later forensic review.
Finding threats faster: With year-over-year increases in the use of automation, in-house SOC and threat intelligence platforms, analysts are able to detect and respond to threats faster. 51% of organizations with an “A” grade are able to detect active or suspected cyberattacks several times throughout the day.
Also, malware, spearphishing, and business email compromise are the three most predominant forms of attack, with ransomware and DDoS both showing 10 percent declines since 2017. Security teams remain confident for now, we’ll see how the evolution of these threats will impact their decision-making in 2020.