Content, Content

Measuring Cybersecurity Maturity: How Do Organizations Rank?

Dimension Data's new Executive Guide to NTT Security’s 2019 Global Threat Intelligence Report measures an organization’s cybersecurity maturity by assessing its processes, metrics and strategies. Overall, it’s not a pretty picture.

Twitter: @NTTSecurity_US
Twitter: @NTTSecurity_US
Twitter: @DimensionData

By way of background, NTT Security (a Top 100 MSSP) and Dimension Data are sister companies.

Although businesses are making strategic investments to boost their security profile, “current ambitions outpace cyber preparedness,” Dimension wrote. In other words, organizations have a great deal of work to do to shore up their defenses. Dimension’s analysis of global attack and incident response data gleaned from more than 150 million cyber attacks and some 6.1 trillion logs worldwide reveal a global average cybersecurity maturity rating of only 1.45 out of a top score of five. Companies in the Americas lagged behind all other regions with an average maturity score of 1.21. That the number of security vulnerabilities has spiked by 12.5 percent from 2017 makes the maturity figures are all the more worrisome, Dimension said.

About 22 percent of all global attacks originate from the U.S., by far the most common attack source.

Key Findings - Americas Region:

Finance: Improved security preparedness in the finance sector has resulted in a decline in attack volumes, as threat actors seek out easier targets, especially those with weaknesses in their supply chains. The finance sector’s current maturity state (1.71) is above the global average.

Technology: The technology sector’s maturity rating (1.35) lags the global maturity average despite being the most-targeted sector.

Healthcare: The Americas healthcare sector is better prepared than several other regions, but its current maturity is lacking (1.32) and still trails the global benchmark despite the rising number of attacks being launched against this sector.

Education: The education sector in the Americas (as in all regions) is least prepared to handle the increased sophistication of cyber threats, especially concerning given the rise in the percentage of attacks on the education sector from one percent to seven percent between 2017 and 2018.

“We’re speedily seeing a much-needed increase in awareness across each sector when it comes to security, privacy, and risk,” said Joshua Knight, Dimension Data Americas vice president and cybersecurity general manager. “That awareness is happening at the C-suite and board level, leading to an encouraging climb in cyber maturity across the security landscape.

The research also revealed the most common attack types. Web attacks are the most prevalent threat, doubling in frequency since 2017 and accounting for 32 percent of all attacks detected last year. Reconnaissance (16%) was the next most common hostile activity, followed by service-specific attacks (13%) and brute-force attacks (12%).

Additional Study Highlights

  • Globally, 35 percent of attacks originate from IP addresses within the U.S. and China, followed by EMEA and APAC.
  • Cryptojacking represents a significant amount of hostile activity, at times accounting for more detections than all other malware combined, hitting the technology and education sectors hardest.
  • Credential theft is up as attackers target cloud credentials, with tech companies (36%), telcos (18%), and business and professional services (14%) significantly impacted.

Dimension offered a couple of recommendations for how companies can improve their security benchmark score:

  • Improve their security posture across cybersecurity, governance, risk, and compliance and identity access management.
  • Place appropriate focus on threat intelligence to monitor known threats and analyze emerging ones, operational technology, the Internet of Things and cloud.
D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.