Security firm Tripwire has released its State of Cyber Hygiene Report detailing how organisations fall behind on basic cybersecurity practices.
In its report, Tripwire examined how organisations are implementing security controls that the Center for Internet Security (CIS) refers to as “Cyber Hygiene.”
The survey, which includes responses from 306 IT security professionals, found that almost two-thirds of organisations do not use hardening benchmarks, such as CIS or Defense Information Systems Agency (DISA) guidelines, to establish a secure baseline.
Tim Erlin, Vice President of Product Management and Strategy at Tripwire, explained why establishing a secure baseline is important for an organisation's security health, saying:
“These industry standards are one way to leverage the broader community, which is important with the resource constraints that most organisations experience. It’s surprising that so many respondents aren’t using established frameworks to provide a baseline for measuring their security posture. It’s vital to get a clear picture of where you are so that you can plan a path forward.”
Tripwire also found that despite recommendations, 40 per cent of organisations are not scanning for vulnerabilities weekly or on a more frequent basis. Deploying security patches has also become increasingly difficult for businesses, with 27 per cent of organisations taking anywhere from a month to more than one year to deploy a security patch.
When it comes to collecting logs, 54 per cent of businesses are not collecting them from all critical systems into a central location, and a majority (97 per cent) of organisations believe they need to become more efficient at checking logs.
Erlin stressed that to be successful, organisations need to get the basics right first and that cyber hygiene was established to help them do just this, saying:
"When cyberattacks make the news, it can be tempting to think a new shiny tool is needed to protect your environment against those threats, but that’s often not the case. Many of the most impactful and widespread cybersecurity issues stem from a lack of getting the basics right. Cyber hygiene provides the foundational breadth necessary to manage risk in a changing landscape, and it should be the highest priority cybersecurity investment."