The fifth annual State of Security Operations Report from LSE-listed security specialist Micro Focus finds the UK leading the global pack in improved cyber defence capabilities.
Historical median cyber security maturity levels remained statistically steady across the other seven regions in 2017, but the report identifies significant year-to-year improvements in Asia, BeNeLux (Belgium, the Netherlands and Luxembourg), and South America.
The report, which is based on 200 assessments of 144 discrete Security Operations Centre (SOC) organisations in 33 countries, finds that there was a “turning of the tide” in 2017.
This came, the FTSE 100 company said, after haphazard efforts between 2014 and 2016 that saw many organisations “apply band aids through trendy products while others completely dismantled programs and performed full transformations of the technology deployed only to find similar, dissatisfying results based on internal operational weaknesses.”
Matthew Shriner, VP, Security Professional Services for Micro Focus, said: “We are seeing a much higher degree of operational sophistication than ever before. Whether linked to data regulation, such as the GDPR, or changing internal processes and technology, SOCs are increasingly satisfying the objectives of companies’ cyber defence investments. Nearly 25% of organisations assessed are meeting business goals, a nearly 10% improvement year-on-year.”
Two thirds of all industries experienced median maturity improvement in 2017, with Telecom and Retail showing double-digit growth. Technology organizations displayed the largest drop-off in this year’s data at -12%, a dip that the report identifies as largely attributable to significant shifts in their cyber defence operations strategy and the adoption of “new tools and hybrid IT solutions that will take time and effort to mature in the environment.”
A rise in the use of “Deception Grids” (honeypots) was also noted in the survey.
Cyber security across most business and public sector organizations is defensive in nature, creating an asymmetric situation where the adversary knows more about the target and can afford to fail in most attacks, as long as a single attack is successful.
Deception grids can be part of the answer, the report highlights: “As attackers got better at automating the earlier stages of an attack and as the economics and competition for targets became more intense, attackers became more selective about spending resources.”
It adds: “Because of the shift in the economy of an attack, deception grid solutions can be very attractive. By deploying systems that spread misinformation about the target system and leveraging a layer of automated deception, organizations can alter the findings of scripted reconnaissance and cause attackers to deploy resources that are ineffective on the target system and reveal information about themselves.”
Cloud-based security strategies, however, were not all plain sailing, the report emphasises: “For most SOCs a cloud strategy resulted in the loss of visibility and greater initial risk as they now lack insight and can no longer report on the security of many functions moved to the cloud. Most organizations’ cloud strategies focused on application functionality and did not account for the security and logging requirements, storage, and bandwidth necessary for security monitoring… plans to monitor did not follow key assets to the cloud for most security operations centres, leaving these SOCs with visibility only into the functionality that remained within legacy data centre space.”