Hackers steal A+ for their sophistication, global security merits a C, a new study finds

It might be time to send global cybersecurity to the principal’s office. Or at least detention.

In a report released Tuesday by Tenable Network Security that assessed cybersecurity across the globe Tenable found that global cybersecurity earned an overall score of 76 percent, a letter grade of C.

Tenable conducted the study in August, surveying 504 IT security professionals at companies with 1,000 or more employees, and found that 40 percent feel “about the same” or “more pessimistic” compared to last year concerning their organizations’ ability to defend against cyber-attacks.

RelatedSony's PlayStation 4 could be terrorists' communication tool, experts warn

On a global level, the U.S. scored the highest overall with a B-, followed by Canada with a C+. At the lower end of the scale, Australia earned a D+ and Germany a C-. Industries with the highest security scores were the telecom & technology, which each earned a B-. The government and education sectors fared less well, with each earning Ds.

Although the U.S. was better equipped to assess network infrastructure risk, it earned a D- in its ability to assess mobile device risk.

Related: Catch and stop neighbors stealing your Internet

"The recent, unprecedented cyberattacks have disrupted business for leading global companies, infiltrated governments and shaken confidence among security practitioners," said Tenable CEO Ron Gula, in a press release. "With so much at stake, organizations need to know whether their security programs are effective or if they are falling short.”

In a separate study, IBM highlighted a few security breach tactics it has seen over 2014-2015. These include:


A method that often used two players: an unsophisticated “script kiddie” who launched a highly visible attack and was caught, uncovering a more sophisticated stealthy attacker that had gone undetected until specialists peeled back the layers to uncover them.


Researchers identified two key types or ransomwear. One locks the system and tricks the user into thinking it won’t unlock unless a payment is made. The other encrypts files on the hard drive and data shared over the network and demands payment.

Malicious insiders

Incidents involving things such as shared administrative information and passwords led to system outages and hiccups.

While it remains unclear how companies and individuals can go to the head of the class on this issue, it is clear that more consumers are just a phone swipe away from learning that hackers have taken their smartphone data for ransom.