The State of Data Security
34
The State of Data Security: How to Prepare for 2017
-
Upload
razor-technology -
Category
Business
-
view
276 -
download
0
Transcript of The State of Data Security
The State of Data Security: How to Prepare for 2017
DATA JUST KEEPS GROWING
90% of data that exists today
was created in the
PAST 2 YEARS.1
2.5 QUINTILLION bytes of data are created each day, growing at a rate
FOUR TIMES FASTER than the world’s economy.1
This massive amount of data allows organizations to take a more qualitative approach to business and customer
service, but also makes them vulnerable to a continually increasing number of threats.1
THREATS KEEP GROWING TOO
MORE THAN
353 MILLION infected files are exposed
to networks each day.2
TOTAL MALWARE by the end of 2015 reached nearly
500 MILLION.2
Ransomware generated
$209 MILLION for cybercriminals in the first three months of 20163
with an average of
4,000 ransomware attacks each day4
and
9,515 ransoms paid every month5
“The largest threat is still your end user and their willingness to click on links and attachments in emails.”
– Jason Beltrame, Systems Engineer at CISCO
We saw a significant spike in Ransomware attacks and many of these were a result of a Phishing scam where the end user clicked on a link/email attachment that looked as if it came
from a reputable sender (inside the organization).”– Adam Kaplan, Regional Security Account Manager at CISCO
The biggest security threat in 2016 is the inability to enforce a least-privilege security model.”6
- Michael Broadwood, Varonis
BREACHES ARE COSTING BUSINESSES MONEY!
IN 60% of data breach cases, attackers are able to compromise an organization in minutes.7
The average cost of a data breach is now
$3.8 MILLION with an average estimated cost of
$154 per stolen record.8
2014 - Yahoo was compromised by a data breach and confirmed at least 500 million user accounts had been stolen in what may be the biggest data breach of all time.10
2015 - The United States Office of Personnel Management had 21.5 million background investigation records of current, former, and prospective Federal employees and contractors stolen. The personnel data of 4.2 million current and former Federal employees was stolen.11
2012 - Dropbox was hacked and 68 million user accounts were leaked online with their associated passwords.9
2016 - a number of BuzzFeed’s posts were vandalized by a group of hackers called OurMine after publishing a story threatening to expose one of the members.12
Real World Examples
WHY DOES THIS KEEP HAPPENING?
Organizations need to realize that continuing to invest in “business as usual” IT security tools is no longer
enough to protect critical data.”
- 2016 Vormetric Data Threat Report
Attacks are getting more and more unique, targeted and sophisticated, making it impossible for legacy
detection based solutions to capture.”
- Brian Feller, Avecto
It's not so much people not realizing they're vulnerable than it is they don't
believe they're a target. The fact is, anybody can be a target.”
- Lance Spitzner, founder of The Honeynet Project
If data is stored in the cloud (AWS, box, salesforce), your data is not automatically safe. It’s a shared responsibility between the cloud
vendor and the customer to protect that data.”
– Jason Beltrame, Systems Engineer at CISCO
Most companies are overlooking that fact that their users are more of a security risk than the outside world anymore.”
– Adam Kaplan, Regional Security Account Manager at CISCO
Critical finding illustrate organizations continue to equate compliance with security in the belief that meeting compliance requirements will be enough”
- 2016 Vormetric Data Threat Report
Organizational Security Holes Contribute to Incidents
3,571
47%
30%
< 1%
Around
55%
1 in 6
Insider Incidents
A majority of the 3,571 services used by surveyed organizations lacked basic security features.13
1 in every 6 users will misuse or expose data.14
Insider incidents are the hardest (and take the longest) to detect. Of all the incidents, these insider misuse cases are the most likely to take months or years to discover.15
47% of companies report users having excessive right.14
30% of phishing messages are opened.14
Less than 1% of severe/critical security alerts are investigated.14
Around 55% of all businesses acknowledge that they secure credit card information but not Social Security numbers, bank account details, and other personal data.16
Fragmented cloud service use increases risk!
Organizations use an average of 24 different file sharing services and 91 different collaboration services,
resulting in greater risk since 60% of the file sharing services used are high risk services.17
No business is too small to evade a cyber attack or data breach.”
- Ponemon Institute
WHAT ARE IT DEPARTMENTS DOING
ABOUT THIS?
Businesses have been steadily increasing spending in
network security since 2007.
But SMB personnel, budget, and technologies are insufficient to have a strong security posture. So, some SMBs engaged
managed security service providers to support an average of 34% of their IT security operations.18
WHAT DO EXPERTS RECOMMEND?
Organizations can make immediate improvements by:
Consider an “encrypt everything” strategy.
Implement an end-to-end security solution that addresses a variety of use cases.
Implement analytics to start identifying threatening patterns of data use.19
1
2
3
Enterprises of all shapes and sizes need to evaluate their security strategy when related to the end-points. Once an attacker has gained access, in many cases they have the
proverbial “keys to the kingdom.”
- Brian Feller, Avecto
Water finds cracks, thus the foundation of any security architecture requires the end-points (PCs, laptops, Macs) to be locked-down on an enterprise level, whether you
have 10 or 10,000 users.
- Brian Feller, Avecto
Spend
75% of IT budgets on
RISK PLANNING.20
Customers must look at the threat as dynamic and always changing.”
- Adam Kaplan, Regional Security Account Manager at CISCO
Organizations live and die by public perception, so layering in security at
all levels of business is becoming the only true insurance.”
- Varonis
The need for security at all phases of the attack continuum is important. Having products as well as remediation efforts in place to defend against the threat before it occurs, while it’s
occurring, and after the breach is a great philosophy to prevent breaches and limit the
spread in the inevitability of an outbreak.”
– Jason Beltrame, Systems Engineer at CISCO
Predictions for the Future?
“Customers will continue to store their information in the cloud with Box, Salesforce, AWS and other cloud based solutions and the need for cloud access security broker (CASB) solutions will increase.”– Jason Beltrame, Systems Engineer at CISCO
“End-users will continue to be targeted as the primary attack surface.” - Brian Feller, Avecto
“Ransomware will continue to grow and spread.”– Adam Kaplan, Regional Security Account
Manager at CISCO1
2
3
Predictions for the Future?
80% of new deals for cloud-based CASB will be packaged with network firewall, secure web gateway (SWG) and web application firewall (WAF) platforms.21
The need to prevent data breaches from public clouds will drive 20% of organizations to develop data security governance programs.21
BY
2018
BY
2020
Better security in the enterprise will lead to more attacks on employees as they work from home. (McAfee Labs 2016 Threat Predictions)
1 VCloudNews
2 McAfee Quarterly Threat Report — March 2016
3 According to the U.S. Department of Justice
4 Multiple U.S. Government departments
5 According to Cisco’s 2016 Annual Security Report
6 Pomemon Institute
7 2015 Verizon Data Breach Investigations Report
8 Cyberwurx, 2016
9 4 Year Old Dropbox Hack Linked 68 Million Users’ Data
10 Yahoo Hackers Stole 500 Million User Accounts in 2014
11 Cybersecurity Incidents
12 Buzzfeed Hacked by OurMine After Exposing Member
13 Skyhigh Cloud Adoption & Risk Report
14 Imperva
15 Verizon 2016 Data Breach Investigations Report (DBIR)
16 Imperva and the Ponemon Institute
17 Skyhigh Cloud Adoption & Risk Report
18 The 2016 State of SMB Cybersecurity Report by Ponemon Institute
19 2016 Vormetric Data Threat Report
19 TechTarget
20 Top 10 Security Predictions 2016
Sources:
The need for increased IT security is clear. Businesses must adapt to meet these evolving IT security threats with a unified, connected solution. If you’re interested in learning how to protect your organization from malware, breaches and other IT security threats get started today by downloading, “Security, Manageability, and Reliability: The Keys to Safe Data.”
Download Guide
5 Tower Bridge, 300 Barr Harbor Drive, Suite 705, West Conshohocken, PA 19428
866.797.3282 www.razor-tech.com
