SecurityBrief Asia logo
Asia's leading source of cybersecurity and cyber-attack news
Story image

ThoughtLab reveals 10 best practices for cybersecurity in 2022

By Catherine Knowles
Fri 13 May 2022

ThoughtLab, the global research firm, has announced the findings of its 2022 cybersecurity benchmarking study, Cybersecurity Solutions for a Riskier World.

The study analysed the cybersecurity strategies and results of 1,200 large organisations across 14 different sectors and 16 countries, representing $125.2 billion of annual cybersecurity spending.

The research revealed that the pandemic has brought cybersecurity to a critical inflection point. The number of material breaches respondents suffered rose 20.5% from 2020 to 2021, and cybersecurity budgets as a percentage of firms’ total revenue jumped 51%, from 0.53% to 0.80%.

During that time, cybersecurity became a strategic business imperative, requiring CEOs and their management teams to work together to meet the higher expectations of regulators, shareholders and the board.

In addition, the role of the chief information security officer (CISO) expanded, with many taking on responsibility for data security (49%), customer and insider fraud (44%), supply chain management (34%), enterprise and geopolitical risk management (30%), and digital transformation and business strategy (29%).

Yet 29% of CEOs and CISOs and 40% of chief security officers admit their organisations are unprepared for a rapidly changing threat landscape.

The reasons cited include the complexity of supply chains (44%), the fast pace of digital innovation (41%), inadequate cybersecurity budgets and lack of executive support (both 28%), convergence of digital and physical assets (25%), and shortage of talent (24%).

The highest percentages of unprepared organisations were in critical infrastructure industries: healthcare (35%), the public sector (34%), telecoms (31%), and aerospace and defence (31%).

Over the next two years, security executives expect an increase in attacks from social engineering and ransomware as nation-states and cybercriminals become more prolific, according to the report.

Executives anticipate that these attacks will target weak spots primarily caused by software misconfigurations (49%), human error (40%), poor maintenance (40%) and unknown assets (30%).

As part of ThoughtLab’s evidence-based research, its economists assessed the cybersecurity performance of corporate and government organisations against 26 metrics, including times to detect, respond to and mitigate a cybersecurity breach, as well as the number of material breaches suffered.

The benchmarking study revealed 10 best practices that can reduce the probability of a material breach and the time it takes to find and respond to those that happen. These are as follows.

1. Take cybersecurity maturity to the highest level. Organisations that are most advanced in applying the NIST cybersecurity framework outperform others on key metrics, such as time to detect a breach (119 days for advanced vs. 132 days for others). They also have fewer annual material breaches (0.76 for advanced vs. 0.81 for others).

2. Ensure cybersecurity budgets are adequate. ThoughtLab’s analysis found a clear correlation between investment and results. Respondents reporting multiple material breaches in 2021 spent 12.3% of their total IT spending on cybersecurity, while those reporting no material breaches in 2021 spent an average of 12.8%, or $4.7 million more. Organisations that spent more also reported faster times to detect and mitigate a breach.

3. Build a rigorous risk-based approach. On average, risk-based leaders - i.e., those most advanced in quantitative analysis of risk probabilities and impacts - saw 22.5 incidents and 0.75 material breaches in 2021, vs. 27.1 incidents and 0.88 material breaches for risk-based beginners. In addition, 50% of top performers in time to mitigate took a risk-based approach vs. 17% of poor performers.

4. Make cybersecurity people centric. Cybersecurity is as much about humans as it is about technology. Organisations see fewer breaches and faster times to respond when they build a "human layer" of security, create a culture sensitive to cybersecurity risks, build more effective training programs, and develop clear processes for recruiting and retaining cyber staff.

5. Secure the supply chain. For 44% of respondents, the growing use of suppliers is exposing them to major cybersecurity risks. Top performers in time to detect, respond, and mitigate are far more mature in supply chain security. For example, over half of organisations with excellent times to detect are advanced in supply chain security vs. 25% of those with poor times to detect.

6. Draw on latest technologies but avoid product proliferation. Organisations with no breaches invest in a mix of solutions, from the fundamentals such as email security and identity management, to more specialised tools such as security information and event management systems (SIEMs). These organisations are also more likely to take a multi-layered, multi-vendor security approach to monitor and manage risks better through a strong infrastructure.

7. Prioritise protection of links between information and operating technologies. With digital and physical worlds converging, the attack surfaces for respondents are widening. Organisations that prioritise protection of interconnected IT and OT assets experience fewer material breaches and faster times to detect and respond.

8. Harness intelligent automation. Automation, combined with AI and orchestration, helps CISOs deliver results while freeing up staff from mundane tasks. For example, about three out of 10 organisations with excellent dwell times (the time to detect and remediate) use smart automation vs. 17% of organisations with poor dwell times.

9. Improve security controls for expanded attack surfaces. Attack surfaces widened during the pandemic because of greater digital transformation, cloud migration, remote working, and supply chain complexity. Our research shows that more companies need to put security controls in place to cover their expanding technology environments.

10. Do more to measure performance. Currently organisations track just 4.2 cybersecurity metrics on average. Executive teams that are more assiduous - monitoring six or more metrics - experience fewer incidents and material breaches. They also respond faster to attacks.

The research program drew on the expertise of a group of cybersecurity leaders and experts from across the private sector, government and academia.

The group includes global consulting sponsor Booz Allen Hamilton; lead sponsors Elastic, KnowBe4, Skybox Security, Securonix, Claroty, Axis Communications, Votiro, and Zenkey; supporting sponsors ServiceNow, CyberCube, and Resolute Strategic Services; and research partners Internet Security Alliance and ISF.

The advisory board consists of CISOs and other cybersecurity experts from a cross-section of industries.

ThoughtLab CEO and the program's research director Lou Celi says, "The move to digital during the pandemic - and now escalating geopolitical tensions - are ushering in a new era of cybersecurity risk that will require stronger leadership and wider teamwork among C-Suite executives and their staffs.

"While there is no silver bullet, our evidence-based research reveals that organisations need to take their cybersecurity programs to a higher level of excellence by ensuring they are proactive, risk-based, human-centric, digitally advanced, and properly resourced."

Booz Allen Hamilton vice president Paul Sussman says, "This landmark study fills a growing need for industry-specific cybersecurity metrics that companies can use to measure their performance against their peers. The research shows that firms have made considerable progress against cybersecurity frameworks like NIST, but they need to do more to keep their organisations safe."

Related stories
Top stories
Story image
DevOps
Dynatrace extends application security capabilities for runtime environments
Dynatrace has announced that it has extended its Application Security Module to detect and protect against vulnerabilities in runtime environments.
Story image
Data Protection
Zero Trust, but verify - finding the OT in ZerO Trust
The move to remote and cloud-based technologies has shifted the goalposts for cybersecurity. It now needs to cover multiple people, devices, platforms, and networks.
Story image
Cloud Security
Tenable makes additions to Cloud Security portfolio
Tenable has announced additions to Tenable Cloud Security that represent the next step in assessing threats related to cloud vulnerabilities.
Story image
Microsoft
Avast reveals zero-day exploits targeting Chrome and Microsoft
Avast, released its Q2/2022 Threat Report today, revealing a significant increase in global ransomware attacks, up 24% from Q1/2022.
Story image
scam
Classiscam threat expands to target leading platforms in Singapore
Researchers at Group-IB have uncovered that Classiscam, a sophisticated scam-as-a-service operation, has expanded to Singapore.
Story image
Government
Mandiant researchers uncover significant new disinformation campaign
Researchers from Mandiant say they have uncovered a significant disinformation campaign from the Chinese Government in the wake of U.S. Speaker Nancy Pelosi's visit to Taiwan.
Story image
Web application firewall
Radware recognised in KuppingerCole’s 2022 Leadership Compass report
Radware has been named a Product, Innovation, Market and Overall Leader in the 2022 KuppingerCole Leadership Compass report for Web Application Firewalls.
Story image
Data Protection
Video: 10 Minute IT Jams - An update from SearchInform
Alexey Pinchuk joins us today to discuss the role the company plays in helping organisations manage risk and provide better security outcomes.
Story image
Firewall
Fortinet unveils compact firewall for hyperscale data centres, 5G networks
"Fortinet’s dedication to pushing the boundaries of what is possible in security performance has yielded the most powerful compact firewall yet."
Story image
Gartner Magic Quadrant
Gartner positions Commvault as Leader in 2022 Magic Quadrant
Gartner has named Commvault a Leader in its 2022 Gartner Magic Quadrant for Enterprise Backup and Recovery Software Solutions report.
Story image
Malware
Nozomi Networks Labs identifies impacts on 2022 threat landscape
Nozomi Networks’ latest research finds that wiper malware, IoT botnet activity, and the Russia/Ukraine war have had the biggest impact on the threat landscape in 2022 so far.
Story image
API
Security gaps in APIs plague organisations - study
Together, the findings highlight that existing solutions and API security tactics focused on shift-left strategies are failing to adequately protect APIs.
Story image
Dark web
Beware the darkverse and its cyber-physical threats
A darkverse of criminality hidden from law enforcement could quickly evolve to fuel a new industry of metaverse-related cybercrime.
Story image
Healthcare
SOTI research explores professional's thoughts on digitisation in the healthcare sector
Interconnectivity, automation and data management were the three key trends highlighted in the report as integral parts of successful medical technology implementation.
Story image
Machine learning
Sysdig releases CDR offering to combat cryptojacking
Sysdig has unveiled a cloud detection and response (CDR) offering powered by machine learning to combat cryptojacking.
Story image
SAP
Microsoft unveils two new security products to help reduce attack surfaces
The products are set to give companies deeper insights into threat actor activity and help them successfully navigate the changing threat landscape.
Story image
Malware
Avast One extends protection with Online Safety Score
Avast One has extended its cross-platform support by adding its Online Safety Score feature to both the Mac and iOS platforms of Avast One.
AWS Marketplace
Watch this webinar to gain building blocks for data mesh, and how AWS customers today are successfully enabling domain driven data.
Link image
AWS Marketplace
Learn how security orchestration, automation, and response (SOAR) enhances your security strategy.
Link image
Story image
Gartner
Veeam named Leader in enterprise backup and recovery
"We believe our innovation and ability to execute validates our solid standing as the #1 trusted provider of modern data protection."
Story image
Malware
Research shows attacks on the gaming industry are getting worse
Web application attacks in the gaming sector have grown by 167% from Q1 2021 to Q1 2022, according to new research from Akamai.
Story image
Ransomware
Ivanti and SentinelOne partner on patch management solution
Ivanti and SentinelOne will integrate their technologies Ivanti Neurons for Patch Management and SentinelOne's Singularity XDR platform.
Story image
VMware
Latest VMware threat report reveals truth about deepfakes
"Cyber criminals have evolved. Their new goal is to use deepfake technology to compromise organisations and gain access to their environment."
Story image
Cybersecurity
FirstWave responds to SMB demand for better cybersecurity
FirstWave developed the CyberCision Open Security Management Platform to respond to SMBs 'urgent' need for comprehensive cyber protection.
Story image
Ransomware
Majority of execs in SEA anticipate ransomware attacks
Kaspersky's study uncovers that more than half believe a ransomware attack against their business is too small to worry about.
Story image
Rubrik
Gartner names Rubrik Leader in 2022 Magic Quadrant
Rubrik has been positioned by Gartner as a Leader in the 2022 Magic Quadrant for Enterprise Backup and Recovery Software Solutions.
AWS Marketplace
Whitepaper: A practical guide for mitigating risk in today’s modern applications
Link image
Story image
Data Protection
CyberRes partners with Google Cloud in lead up to BigQuery release
CyberRes, a Micro Focus line of business, has announced a partnership with Google Cloud to support the upcoming release of BigQuery remote functions.
Story image
SaaS
Claroty launches new cloud-based industrial cybersecurity platform
The company says Claroty xDome is the industry's first solution to deliver the ease and scalability of SaaS without compromising on visibility, protection, and monitoring controls.
Story image
Gaming
Attacks on gaming companies more than double over past year
The State of the Internet report shows gaming companies and gamer accounts are at risk, following a surge in web application attacks post pandemic.
Story image
Mergers and Acquisitions
Netskope acquires Infiot, delivers integrated SASE platform
Converged SASE platform provides AI-driven zero trust security and simplified, optimised connectivity to any network location or device, including IoT.
Story image
Indusface
Why enhancing bot protection for web and API endpoints matters
The trouble with bots is that they aren’t all bad. Unfortunately, this can make it challenging to detect malicious bots that find their way into your system and threaten your business.
Story image
IDC
High level of Customer Identity & Access Management adoption
The study from Okta revealed that the pandemic has either accelerated or highlighted the need for digital-first strategies.
Story image
Open source
Flashpoint acquires Echosec Systems, elevates OSINT capabilities
Flashpoint has acquired Echosec Systems, a provider of open-source intelligence and publicly available information.
Story image
Compliance
Why security needs to shape your journey to the cloud
It's estimated that 80% of workloads could be in the cloud in the next few years. How can you make all that data secure?
Story image
Privileged Access Management / PAM
The importance of stopping identity sprawl for cybersecurity
The 2021 Data Breach Investigations Report (DBIR) shows that 61% of all breaches involve malicious actors gaining unauthorised, privileged access to data by using a compromised credential. Unfortunately, it is often too late when the misuse of a credential is detected.
Story image
Cybersecurity
Palo Alto Networks responds to rise in threats with MDR service
Unit 42 Managed Detection and Response is a new service that can offer continuous 24/7 threat detection, investigation and response.
Story image
Data Protection
VMware introduces advanced workload protection for AWS
VMware Carbon Black Workload for AWS delivers comprehensive visibility and security across on-premises and cloud environments for AWS customers.
Story image
Cybersecurity
More than a fifth of cybersecurity teams ban the use of public WiFi
Verizon’s fifth annual Mobile Security Index report has revealed a continued rise in significant cyberattacks in the last year involving a mobile/IoT device.
Story image
ExtraHop
Organisations exposing highly sensitive protocols to public internet
More than 60% of organisations expose remote control protocol SSH to the public internet, while 36% of organisations expose the insecure FTP protocol.
Story image
Cybersecurity
Qualys develops EASM capabilities for Cloud Platform
"Qualys unique approach to EASM is integrating the internal and external asset data from CyberSecurity Attack Management with its VMDR solution into a single view."