Global confidence in the ability to assess cyber risk accurately has dropped 12 percentage points during the course of 2016, according to the second annual Global Cybersecurity Assurance Report Card by Tenable Network Security.
Soliciting insights from 700 security practitioners in nine countries, the majority gave global cyber security readiness a ‘C-’ average with an overall score of 70 per cent.
Cloud software as a service (SaaS) and infrastructure as a service (IaaS) were two of the lowest scoring Risk Assessment areas in the 2016 report. SaaS and IaaS were combined with platform as a service (PaaS) for the 2017 survey and the new ‘cloud environments’ component scored 60 percent (D-); a seven point drop compared to last year’s average for SaaS and IaaS.
Risk Assessment for mobile devices dropped eight points from 65 per cent (D) to 57 percent (F); correlating with being identified alongside IaaS and SaaS in last year’s report as one of the biggest enterprise security weaknesses.
Cris Thomas, strategist at Tenable Network Security said: “Today’s network is constantly changing — mobile devices, cloud, IoT, web apps, containers, virtual machines — and the data indicate that a lot of organisations lack the visibility they need to feel confident in their security posture.
DevOps technology was acknowledged as transforming the way software teams collaborate through increased consistency and automation, but 57 per cent of respondents said it could bring new security concerns in the ability to assess security during the DevOps process.
Thomas added: “It’s pretty clear that newer technologies like DevOps and containers contributed to driving the overall score down, but the real story isn’t just one or two things that need improvement, it’s that everything needs improvement.”
Download the full report here