Modest improvement in cybersecurity in 2H 2021, report suggests

Share post:

Organizations modestly improved their cybersecurity posture in the second half of last year, if the latest results from infosec respondents using a self-assessment tool called the Cyber Risk Index (CRI) are accurate. On Monday, the latest biannual results from respondents using the tool — which was created by the Ponemon Institute for Trend Micro — were released, which shows globally the CRI was -0.04 for the second half of 2021. That compares to -0.42 for first half of 2021. The scoring system runs from -10 to +10, with a positive score representing a good result. “Overall, the CRI trended upward globally due to enhanced cyber preparedness and respondents perceiving the threat landscape as improving,” the report’s authors say. Latin/South America was the only region that saw a lower CRI in comparison with other regions. Canada received a score of -0.16. According to the report’s authors that shows that this country has a moderate cyber risk level in comparison to global and U.S. respondents. According to a Trend Micro news release that pulled Canadian numbers from the survey, 83 per cent of respondents said they suffered one or more successful cyber-attacks in the past 12 months, with 32 per cent saying they’d experienced seven or more. The CRI is composed of the scores from answers by infosec pros (including CISOs) to a number of questions. These questions are split into what is called a cyber preparedness index, which tries to measure an organization’s readiness to defend against cyber attacks, and the cyber threat index which tries to represents the state of the threat landscape at the time the CRI was calculated. The CRI is calculated by subtracting the cyber threat index scores from the cyber preparedness index Respondents are asked questions such as ‘how many separate data breach incidents involving the loss or theft of customer records did your organization experience over the past 12 months’, and ‘what is the likelihood that your organization will experience one or more cyberattacks that have infiltrated your networks or enterprise systems within the next 12 months?’ For the latest survey, just over 3,400 infosec pros responded, including 980 in North America. “As organizations constantly navigate the ever-evolving security landscape, understanding what makes their businesses vulnerable is critical,” Greg Young, vice-president of cybersecurity at Trend Micro Canada, said in a statement. “This is where reports like the CRI can be a great resource in highlighting areas of possible concern to help organizations develop an effective cybersecurity strategy.” Note that of the respondents, only 36 per cent said they were “very familiar” with their organization’s approach to information security. Another 36 per cent said they were “familiar,” while 28 per cent said they were “somewhat familiar” with their organization’s approach to IT security. Only 36 per cent said they had full responsibility for infosec, with another 37 per cent saying they had some responsibility and 28 per cent saying they had minimal responsibility. The report said businesses can still effectively minimize their risks by implementing security best practices. These include:
  • identifying and building security around critical data by focusing on risk management and the threats that could target this data;
  • implement attack surface discovery to identify both internal and external systems, accounts, devices that you have;
  • minimizing infrastructure complexity and improving alignment across the whole security stack;
  • getting senior leadership to view security as a competitive advantage;
  • improving the ability to protect the business environment, including properly securing bring your own device (BYOD), internet of things (IoT) and industrial IoT devices (IIoT), and cloud infrastructure;
  • investing in both new talent and existing security personnel to help them keep up with the rapidly evolving threat landscape, as well as improve retention;
  • reviewing existing security solutions with the latest technologies to detect advanced threats like ransomware and botnets;
  • improving IT security architecture with high interoperability, scalability, and agility.
The post Modest improvement in cybersecurity in 2H 2021, report suggests first appeared on IT World Canada.
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.


Related articles

Microsoft announces enhanced security feature for OneNote

Microsoft has released further information on the increased security measures it is deploying for OneNote in order to...

Russian hacker group steals Emails of NATO officials and diplomats

Since February 2023, a Russian hacking gang known as TA473 or 'Winter Vivern' has targeted unpatched Zimbra endpoints...

Canadian cybersecurity accelerator counts its accomplishments

A Canadian university-associated business accelerator for helping early-stage cybersecurity companies says its first two years of operation have been more than satisfactory. The Rogers Cybersecure Catalyst Accelerator has had “an incredible impact” on Canadian cybersecurity entrepreneurs and founders, executive director Charles Finlay said this week in the first report on the program’s progress. Despite having

Crackdown on ransomware gangs yet to show an impact: OpenText

In its annual cybersecurity report OpenText also looked at malware, phishing and infec

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways