Cybersecurity Grades Rise as Breaches Decline, Confidence in Protection Grows
DomainTools survey finds the percentage of organizations giving their security programs an “A” grade has doubled since 2017.
During a year when major data breaches have made headline news, it is easy to conclude that security teams are losing the cybersecurity battle. However, organizations showed that real progress is taking place.
That was the conclusion reached by Seattle-based DomainTools, which provides a proprietary threat intelligence and investigation platform, in its annual “Cybersecurity Report Card,” in which security analysts, threat hunters and other cyber professionals on the front lines self-grade their organizations’ security posture.
Thirty percent of respondents gave their program an “A” grade this year, double the 15% who did so in 2017. Less than 4% reported a “D” or “F.” The report also looked at the most common threat vectors that organizations detect. Malware, spearphishing and business email compromise rank as the three most predominant forms of attack, with ransomware and DDoS both showing 10% declines since 2017.
Now in its third year, the survey’s responses have built on the results of the 2018 and 2017 report cards, and further strengthen and support numerous trends that have been playing out year-over-year. The DomainTools study also provided insights into how successfully organizations are adapting to the changing threat landscape.
Security breaches among those surveyed continued to decline year-over-year. The percentage of organizations breached in the past 12 months dropped from 26% in 2017 to 15% in 2019, according to the findings. The report also validated that automation is “working” and is playing an increasingly important role in securing these organizations.
Other key findings included the following:
- More than half (53%) of organizations now carry out security operations with a full in-house security operations center (SOC), up 10% over 2017. Grade “A” respondents overwhelmingly rely on an in-house SOC to keep their grades high, with 78% reporting that they have implemented one.
- Automation plays an increasingly important role in securing organizations, with 88% strongly agreeing or agreeing that automation improved their staff’s technical skills and general knowledge of cybersecurity. Twenty-two percent of organizations have a high level of automation, compared to 45% of Grade “A” organizations, demonstrating the impact automation has on higher ratings of security posture.
- Organizations showed a greater emphasis on proactive threat hunting, with 61% of organizations utilizing a threat intelligence platform, up 20% since the 2018 report. Three quarters of Grade “A” organizations relied on threat intelligence platforms.
- Seventy-six percent of organizations and 90% of Grade “A” organizations investigated forensic clues from phishing emails, such as domain names, IP addresses or email addresses. Another 86% of Grade “A” organizations logged domain name system traffic for later forensic review.
- Thanks to year-over-year increases in the use of automation, in-house SOCs and threat intelligence platforms, analysts detected and responded to threats faster. Slightly over half (51%) of organizations with an “A” grade can detect active or suspected cyberattacks several times throughout the day.
“Cyberthreats remain relentless and continue to evolve in complexity, so it is reassuring to see that the confidence of security teams in their security posture is growing in parallel with their success in defending against the latest attacks. It is also exciting to see the results of investments in automation and in-house [security operations centers] paying off as the key components of driving this progress forward,” Tarik Saleh, senior security engineer and malware researcher for DomainTools, said. “Unfortunately, security teams report they are more short-staffed than ever, with the need for more staff as the number one hurdle to achieving an ‘A’ grade in 2019, overtaking budget issues from previous years.”
The survey, conducted by DomainTools in September 2019, polled 525 global security professionals and executives working in finance, government, healthcare, retail, technology and other industries in organizations of up to 10,000-plus employees. Regions included North America; Europe, Middle East and Africa; Asia Pacific and Latin America.