Tripwire State of Cyber Hygiene Report (August 2018)

When a high-profile cyberattack grabs the headlines, your first instinct may be to funnel resources into purchasing a shiny new tool to defend your organization. But often, that’s not what’s really needed.

Real-world breaches and security incidents prove over and over again that many of the most widespread issues still stem from a lack of basic cyber hygiene. Therefore, organizations can’t overlook the fundamentals such as addressing known vulnerabilities, ensuring secure configuration, and monitoring systems for change.

You can start to build up cyber hygiene by following established best practices such as the Critical Security Controls, a prioritized set of steps maintained by The Center for Internet Security (CIS). There are 20 CIS Controls, but implementing just the top six establishes what CIS calls "cyber hygiene."

This report illustrates how organizations are implementing these top six controls, if at all. To gather this data, Tripwire partnered with Dimensional Research, sending a survey to independent sources of IT security professionals. The survey was completed by 306 participants in July 2018, all of whom are responsible for IT security at companies with more than 100 employees.