Modest improvement in cybersecurity in 2H 2021, report suggests

Share post:

Organizations modestly improved their cybersecurity posture in the second half of last year, if the latest results from infosec respondents using a self-assessment tool called the Cyber Risk Index (CRI) are accurate. On Monday, the latest biannual results from respondents using the tool — which was created by the Ponemon Institute for Trend Micro — were released, which shows globally the CRI was -0.04 for the second half of 2021. That compares to -0.42 for first half of 2021. The scoring system runs from -10 to +10, with a positive score representing a good result. “Overall, the CRI trended upward globally due to enhanced cyber preparedness and respondents perceiving the threat landscape as improving,” the report’s authors say. Latin/South America was the only region that saw a lower CRI in comparison with other regions. Canada received a score of -0.16. According to the report’s authors that shows that this country has a moderate cyber risk level in comparison to global and U.S. respondents. According to a Trend Micro news release that pulled Canadian numbers from the survey, 83 per cent of respondents said they suffered one or more successful cyber-attacks in the past 12 months, with 32 per cent saying they’d experienced seven or more. The CRI is composed of the scores from answers by infosec pros (including CISOs) to a number of questions. These questions are split into what is called a cyber preparedness index, which tries to measure an organization’s readiness to defend against cyber attacks, and the cyber threat index which tries to represents the state of the threat landscape at the time the CRI was calculated. The CRI is calculated by subtracting the cyber threat index scores from the cyber preparedness index Respondents are asked questions such as ‘how many separate data breach incidents involving the loss or theft of customer records did your organization experience over the past 12 months’, and ‘what is the likelihood that your organization will experience one or more cyberattacks that have infiltrated your networks or enterprise systems within the next 12 months?’ For the latest survey, just over 3,400 infosec pros responded, including 980 in North America. “As organizations constantly navigate the ever-evolving security landscape, understanding what makes their businesses vulnerable is critical,” Greg Young, vice-president of cybersecurity at Trend Micro Canada, said in a statement. “This is where reports like the CRI can be a great resource in highlighting areas of possible concern to help organizations develop an effective cybersecurity strategy.” Note that of the respondents, only 36 per cent said they were “very familiar” with their organization’s approach to information security. Another 36 per cent said they were “familiar,” while 28 per cent said they were “somewhat familiar” with their organization’s approach to IT security. Only 36 per cent said they had full responsibility for infosec, with another 37 per cent saying they had some responsibility and 28 per cent saying they had minimal responsibility. The report said businesses can still effectively minimize their risks by implementing security best practices. These include:
  • identifying and building security around critical data by focusing on risk management and the threats that could target this data;
  • implement attack surface discovery to identify both internal and external systems, accounts, devices that you have;
  • minimizing infrastructure complexity and improving alignment across the whole security stack;
  • getting senior leadership to view security as a competitive advantage;
  • improving the ability to protect the business environment, including properly securing bring your own device (BYOD), internet of things (IoT) and industrial IoT devices (IIoT), and cloud infrastructure;
  • investing in both new talent and existing security personnel to help them keep up with the rapidly evolving threat landscape, as well as improve retention;
  • reviewing existing security solutions with the latest technologies to detect advanced threats like ransomware and botnets;
  • improving IT security architecture with high interoperability, scalability, and agility.
The post Modest improvement in cybersecurity in 2H 2021, report suggests first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Canada, U.S. sign international guidelines for safe AI development

Eighteen countries, including Canada, the U.S. and the U.K., today agreed on recommended guidelines to developers in their nations for the secure design, development, deployment, and operation of artificial intelligent systems. It’s the latest in a series of voluntary guardrails that nations are urging their public and private sectors to follow for overseeing AI in

Cyber Security Today, Nov. 27, 2023 – Ransomware gang posts data stolen from a Canadian POS provider, and more

This episode reports on the latest ransomware attacks, and details of how a gang that scams people selling used products on

Cyber Security Today, Week in Review for the week ending November 24, 2023

This episode features discussion on Australia's decision to not make ransowmare payments illegal, huge hacks of third-party service suppliers in Canada and the U.S. and whether email and smartphone service providers are doing enough to protect

Cyber Security Today, Nov. 24, 2023 – A warning to tighten security on Kubernetes containers, and more

This episode reports on the increasing number of vulnerable Kubernetes containers online, the latest acknowledged data breaches, a browser scam aimed at Macs

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways