But sir the dog ate my cloud homework, is no excuse according to the latest ‘Global Cybersecurity Assurance Report Card’ which awarded the UK a C for overall cyber security readiness. The report from network monitoring business Tenable Network Security asked IT practitioners from the UK about their confidence in their respective organisations’ abilities to assess risk, invest in appropriate tools and successfully respond to cyber threats, and our score was 73% overall—an underachieving “C.”
The weak points in the UK were cloud and mobile, with mobile way below average. Cloud vulnerability management and risk assessment was a key concern, with the ability to assess risks in cloud infrastrucuture (IaaS) and cloud services (SaaS) earning a “D” and “D+” respectively. The country’s security professionals gave a failing grade to their ability to assess cyber risks related to mobile devices (rated “F” in UK, and “D” globally). The inability to even detect transient mobile devices in the first place (rated “D”) was another big challenge for the UK's security practitioners, who scored themselves lower than the global average.
While most global respondents believe they have the tools in place to measure overall security effectiveness, scoring “B-,” this view isn't mirrored in the UK, where survey respondents assigned a “C+.”
“What this tells me is that UK security pros have a fairly realistic idea of where they stand when it comes to overall cyber readiness, and they believe there is a lot of room to improve,” said Gavin Millard, EMEA technical director, Tenable Network Security. “Cloud and mobile continue to disrupt enterprise IT, but what the survey shows, alongside an alarming lack of ability to detect and remediate threats associated with these non-traditional attack surfaces, is that security has to evolve in order to keep up with the rate of innovation. Organizations need next-generation solutions that can definitively answer the question ‘How secure are we?’”
According to the survey results, the biggest non-technical challenge facing UK information security professionals is an overwhelming threat environment, followed closely by a lack of qualified workers.
“Attackers are breaching the world’s cyber defenses seemingly at will, and organizations of all kinds are feeling the strain,” said Millard. “As we move into 2016, hopefully all parties will continue to come together to assess cyber security risks, build robust defences and mitigate attacks.”