We have reached the end of the year, and what a year it has been. Not a month went by without something going down, somewhere. Be it a massive data leak, a hugely vulnerable zero-day, or a newly detected ransomware variant, cyber security is a consistent global news feature.
How secure do you feel? Do you trust cyber security in all its manifestations? Has there been a general decline in global cyber security confidence? And if so, how can that trust be regained?
Cyber Security Assurance
The second annual international survey of information security professionals is complete. The report, delivered by Tenebale Network Security solicits insights from 700 security practitioners across seven industry verticals, assesses countries against a global index score that reflects the overall confidence in global cyber security.
The average overall score is 70 percent — a 6 percent decline from last year’s results. Consequently, global confidence earns a “C-” on the cyber security scorecard. Not great, but evidently not at the bottom of the barrel. Yet.
These challenges are further complicated by the constantly evolving and expanding threat landscape — the number one challenge for security pros for the second consecutive year. This heightened technological complexity creates even more opportunity for attackers to exploit gaps in security coverage, leaving all organizations vulnerable to compromise and breach, regardless of the size of their security investments.
The security practitioners feedback and the full report isn’t a jolly read. It certainly doesn’t imbue the reader with confidence for the coming year. Cyber security could be in dire straits.
[Insert Your Country Here] Is Terrified
I live in the U.K. Our ability to accurately assess cyber security issues and threats has decreased from 73 percent to 59 percent, one of the largest declines in the survey. This 14 percent decrease isn’t conclusive, but it does illustrate the difficulties ahead for U.K. cyber security firms, as well as the escalation of threats throughout 2016. But the U.K. isn’t alone.
Germany “suffered the most pronounced single drop score of any country or industry surveyed for 2017.” Germany’s Risk Assessment rating dropped from 69 percent to 44 percent. The 25-point decrease gives an “F” rating. However, like the U.K., confidence in overall security assurance remains relatively high, increasing by 5-points to 79 percent.
At the other end of the scale, India debuted as the highest scoring country on the 2017 Cybersecurity Assurance Report Card. India’s Security Assurance recorded the only “A” throughout the entire report, and their overall score was 6-points ahead of the second placed United States.
What’s Behind the Numbers?
The numbers and grades offered by the report are not entirely indicative of cyber security confidence. The Global Cybersecurity Report Card is a business focused initiative. It gauges confidence in security professionals in their ability to measure security effectiveness, as well as align security practices to business objectives.
The fears of businesses and the fears of consumers, like you and I, vary, but are still intrinsically linked. Interestingly, the spate of international data breaches and hacking incidents are only just beginning to weigh on the American public.
In October 2015, 49 percent of respondents to an ESET/NCSA security survey “felt strongly and very confident” in their home network and internet connected devices. A further 30 percent “felt confident.” This is despite the fact that “one in five American homes received a data breach notification” during the previous 12 months. Furthermore, over 50 percent received more than one notification.
Fast forward 12 months and 45 percent of Americans are more worried about their online privacy than the year before. However, 75 percent of Americans believe they adequately protect their personal data online, yet struggle with some basic security tasks.
The decline in confidence is understandable. IdentityForce have updated their list of major security breaches throughout the year. Each month has a significant event. Furthermore, some of the events we’ve seen have been, simply put, colossal. Similarly, breachlevelindex document the total number of records lost by month. 2016 makes uncomfortable viewing.
Privacy Paramount to Decline
Privacy is the first word on many internet user’s lips. Consumers are unhappy with the amount of data being hoovered up by all manner of service providers. Furthermore, consumers don’t always trust the websites they browse. The shadows of malvertising, data theft, and online fraud are a constant consumers must, unfortunately, learn to live with.
Transparency in what companies do with data builds consumer trust #Health2016
— JJ Carroll (@JJactuary) November 30, 2016
Tellingly, businesses and regular users both raise concerns about the complexity of online services. That said, they are for different reasons. For instance, a TRUSTe/NCSA survey found 32 percent of respondents “think protecting personal information online is too complex” while 38 percent say “clear procedures for removing personal information would increase trust.” The same survey states that consumers want more control.
- 45 percent want more control over who has access to personal information.
- 42 percent want more control over how this information is used.
- 41 percent want control of the type of information collected.
- 23 percent simply want to delete personal information once collected.
The feedback from businesses is similar.
The marked decline in global confidence levels indicates that security professionals may be experiencing a drop in morale as a result of near-daily data breach headlines, compounded by fatigue as a result of the uphill battle to keep pace with emerging technologies and proliferating threats.
Despite spending tens of billions of dollars on security products and services each year, organizations around the world continue to be affected by data breaches.
We Just Want to Feel Secure
The root cause of diminishing confidence stems from technology overload. In other words, people just cannot keep pace with the rate of development. The rate of development isn’t going to slow — providing ample education is just as difficult. Concerns are real, and rising.
Americans are making significant strides in managing their online lives but the sheer number of new, connected devices have changed what it means to keep our digital lives and home cyber secure.
And just as home users struggle with an increase in devices, businesses struggle with accurate and consistent risk assessment in emerging technologies such as cloud software as a service, infrastructure as a service, containerization platforms, and DevOps environments. Accordingly, if businesses fail to assess and secure their services, invariably consumers will be affected.
Has global cyber security confidence fallen? Absolutely.
Is it at a critical point? Only education has the answer.
Are your cyber security skills up to scratch? What are your biggest cyber security concerns for 2017? Is enough done to protect your privacy and security? Let us know your thoughts below!