Takeaways from the 2019 Scalar Security Study

The results from the 2019 Scalar Security Study are in. The cross-industry survey of 407 Canadian IT Security and Risk & Compliance professionals signifies the growing reach of costly cyber breaches across the country.

At LogRhythm, we understand the importance of cybersecurity readiness. The report, however, continues to underscore deficiencies in security training, an inability to patch vulnerabilities at an adequate rate, and a lack of response planning.

This study highlights a few important takeaways on the state of cybersecurity readiness in Canada that we’ll cover in this post.

Nearly half of the companies surveyed do not conduct formal security training to help employees identify scams such as phishing or learn how to properly care for sensitive data.

Unfortunately, users have been, and continue to be, a security program’s weakest link. Users open attachments in phishing emails, visit questionable websites infected with malvertising, fall prey to social engineering, and can even become malicious insiders themselves out of anger or for illicit financial gain.

For these reasons, LogRhythm continues to innovate our user and entity behavior analytics (UEBA) capabilities to monitor user activity for both known hacking tactics and indicators of compromise (IOCs), as well as unknown hacking tactics via security-relevant behavioral change. However, organizations should not become over-reliant on technology. That is one of the reasons LogRhythm has supported user awareness programs, from educational posters that remind users of password best practices to formal training programs.

Most organizations are barred from performing timely patching or software updates.

Patching continues to be a difficult challenge for organizations of any size. Even with the best intentions, there are significant, material obstacles that delay patching. For instance:

  • Vulnerability notices vary by vendor.
  • The patch itself may create conflicts with other applications.
  • The patch may impair server performance, application uptime, and potentially even certification status.

The reality is that not all types of systems can be rapidly patched. Organizations should inventory these systems, place them under heavier system-level monitoring, and scrutinize activities for known malware activity/indicators and significant behavior changes.

Nearly 75 percent of organizations are not able to adequately update incident response plans (or lack formal response plans altogether).

Without a formal response plan, most organizations rely on the knowledge of individuals. This creates a situation where the time of senior analysts is consumed by remedial investigative processes as they attempt to qualify, investigate, and mitigate risky activity. While a stand-alone market is developing for security orchestration, automation, and response (SOAR), analysts have identified that the value of SOAR technology is only recognized by organizations with high security maturity and after an upfront time investment.

For these reasons, LogRhythm developed our embedded playbook capabilities with ease of use, ease of update, and the ability to share across the customer community in mind, so that organizations can get started quickly and preserve their incident response playbook tasks as they continue to develop.

To learn more, we encourage you to join LogRhythm and Scalar at any one of their Scalar Security Days events across Canada.