Over 60 percent of organisations fail to follow basic security benchmarks

(Image credit: Pavel Ignatov / Shutterstock)

Security firm Tripwire has released its State of Cyber Hygiene Report detailing how organisations fall behind on basic cybersecurity practices.

In its report, Tripwire examined how organisations are implementing security controls that the Center for Internet Security (CIS) refers to as “Cyber Hygiene.” 

The survey, which includes responses from 306 IT security professionals, found that almost two-thirds of organisations do not use hardening benchmarks, such as CIS or Defense Information Systems Agency (DISA) guidelines, to establish a secure baseline.

Tim Erlin, Vice President of Product Management and Strategy at Tripwire, explained why establishing a secure baseline is important for an organisation's security health, saying:

“These industry standards are one way to leverage the broader community, which is important with the resource constraints that most organisations experience. It's surprising that so many respondents aren’t using established frameworks to provide a baseline for measuring their security posture. It’s vital to get a clear picture of where you are so that you can plan a path forward.”

Tripwire also found that despite recommendations, 40 per cent of organisations are not scanning for vulnerabilities weekly or on a more frequent basis. Deploying security patches has also become increasingly difficult for businesses, with 27 per cent of organisations taking anywhere from a month to more than one year to deploy a security patch.

When it comes to collecting logs, 54 per cent of businesses are not collecting them from all critical systems into a central location, and a majority (97 per cent) of organisations believe they need to become more efficient at checking logs.

Erlin stressed that, to be successful, organisations need to get the basics right first, and that cyber hygiene was established to help them do just this, saying:

"When cyberattacks make the news, it can be tempting to think a new shiny tool is needed to protect your environment against those threats, but that’s often not the case. Many of the most impactful and widespread cybersecurity issues stem from a lack of getting the basics right. Cyber hygiene provides the foundational breadth necessary to manage risk in a changing landscape, and it should be the highest priority cybersecurity investment." 

After getting his start at ITProPortal and then working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches to how to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.