[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions ]
* Achieving holistic cybersecurity
* Insurers adapt coverage to meet evolving terrorist threat
* What are the Challenges and Benefits of Outsourcing your Security Functions?
* 5 Secret Habits Of Highly Successful Network Security Programs
* PhishMe May Cybercrime Alert: Whaling Attacks, Employee Data Theft Expected to Surge
* How to scan for malware in the private cloud – without the performance hit
* Cloud security concerns rise as investment grows
* Study the opposition in fighting cyber crime
* Kenya to domesticate international cyber crime law
* Next Generation of Cyber Attacks to Focus on Manipulating Data
* Effective incident response is key to managing and recovering from cyber security breaches
* Why signature-based detection isn’t enough for enterprises
* Why Security Investigators Should Care About Forensic Research
* Post-breach forensics: Building the trail of evidence
* Arbor Networks report finds relentless threat environment
* Infoblox Network Protection Survey: Organizations Utilizing Best Practices Enjoy Outsized Business Outcomes
* Cyber attack attribution: Strategies and tools for business organizations
* Soha Systems’ Survey Reveals Only Two Percent of IT Experts Consider Third-Party Secure Access a Top Priority, Despite the Growing Number of Security Threats Linked to Supplier and Contractor Access
* Security spending rises in areas ineffective against multi-stage attacks
* Singapore developing cyber security insurance
* CISO Playbook: Games Of War & Cyber Defenses
* Network and Information Security Directive set to come into force in August
* Geo-locations don’t deter cyber attacks
* How to Address the Cybersecurity Resourcing Challenge
* HKMA raises cybersecurity DEFCON level with new cyber resilience initiative
Achieving holistic cybersecurity
Security programs need effective protection of valuable information and systems to prevent data breaches, and to comply with the ever-increasing federal compliance requirements.
Among others, there are the Federal Information Security Management Act (FISMA), the Privacy Act, policy and guidance from the Office of Management and Budget and the National Institute for Standards and Technology, the General Services Administration’s Federal Risk Authorization and Management (FedRAMP) program, and the Federal Acquisition Regulation to be considered.
To be effective, CIOs and CISOs need timely cyber security insights to take proactive actions, because today’s security challenges are greater than ever.
To address external, internal, and compliance challenges through a proactive approach, mission-oriented cognitive cybersecurity capability is needed.
To achieve such capability, four key areas must be addressed:
– Security architecture effectiveness.
– Critical data protection.
– Security compliance.
– A holistic security program.
A holistic security program focuses on protection through continuous monitoring of systems and data.
This involves moving from the traditional defensive-reactive approach to a defensive-proactive (predictive) approach, using cyber analytics to foster “security intelligence” that also protects privacy.
Continuous monitoring is now required by OMB and NIST mandates, and it can be supplemented using cyber analytics to proactively highlight risks and identify, monitor and address threats.
Continuous monitoring, when combined with cyber analytics via security intelligence, can provide key cybersecurity capabilities.
Along with analysis of cyberthreat related data sources (e.g., through DNS, Netflow, or query results), continuous monitoring provides the needed context for fusion of data — data that can be analyzed using tools that produce actionable, meaningful and timely information for CISOs and CIOs to address the most important issues affecting their agency and deter and prevent cyber threats.
By using such systems, agency executives involved in cybersecurity can move from a basic to an optimized level of security intelligence as depicted below.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=161d8cdbf6&e=20056c7556
Insurers adapt coverage to meet evolving terrorist threat
Larger businesses often have insurance and disaster recovery plans to get back up and running quickly.
But smaller companies typically do not.
Pool Re has developed a discounted, bespoke version of terrorism insurance for small and medium businesses, but has work to do to encourage take-up.
The reinsurer estimates less than 5 per cent of small businesses have terrorism insurance policies.
The increased incidence of attacks by smaller groups of terrorists in western cities has been met with rising demand for insurance against event cancellation, denial of access losses — where an attack means that the business owners and customers cannot get into the building — and third-party liabilities.
The latter, called ‘liability terrorism’ by some in the industry, would protect an insured business against being pursued for liabilities after an attack.
An example would be a hotel without adequate security measures or a public space where evacuation procedures failed.
In the US, “active shooter” policies insure universities and other institutions against costs arising from a lone shooter rampaging on their property.
These are designed to protect them against legal liability if they are judged to have failed to prevent an attack.
Insurers expect further cyber terror attacks to follow. “If and when terrorists have the capability to utilise a cyber capability as a weapon, then they will,” says Mr Enoizi. “That threat may be one that only a mechanism such as Pool Re can deal with, given the potential scale of losses.”
Dan Trueman, head of Novae’s cyber division, says: “We have moved beyond privacy towards policies that focus more on the first-party consequences, namely business interruption, reputational damage and system failure.”
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=5c94d59a89&e=20056c7556
What are the Challenges and Benefits of Outsourcing your Security Functions?
The increasing complexity of the threat landscape has spawned more complex security technologies to combat those threats.
Thus, the importance of the “human element” is more prevalent in security management discussions than before.
Today, the choices are either to procure security technology and deploy adequate internal resources to use them effectively, or outsource to a provider who is experienced with the selected technology.
Outsourcing security allows organizations to affordably leverage expertise that may not be available internally, but at the cost of losing control.
Many providers offer cookie-cutter, one-size-fits-all solutions, which may not meet a specific enterprise’s needs.
A third option that is gaining increasing popularity is co-sourcing.
In this model, the provider does the technology-specific heavy lifting and leaves a specific organization’s network independent, allowing remediation to be performed by the in-house team.
Organizations can also customize the solution and keep data on their own premises.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=37f149ce78&e=20056c7556
5 Secret Habits Of Highly Successful Network Security Programs
A new report out today shows that when IT organizations are segmented by security success factors, the top performers share a number of network security best practices.
Conducted by ReRez Research and commissioned by Infoblox, the study highlighted in these findings took a close look at 200 large organizations to see how habits differed among top-tier organizations and everyone else.
Top-tier organizations are twice as likely to meet SLAs and ten times as likely to remediate security events extremely quickly, and they are much less likely to experience security-related outages or breaches.
They are four times as likely to have complete control over their IP addressing.
And they’re twice as likely to focus on strategic rather than tactical tasks.
Here are some of the reasons why they post those kinds of results:
– Make Better Use Of Intelligence
– Instill Cooperation Between Network, Security, And App Teams
– Leverage DNS/DHCP Data
– Automate Basic Tasks
– Invest In Security Staff
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=5d13ad5e27&e=20056c7556
PhishMe May Cybercrime Alert: Whaling Attacks, Employee Data Theft Expected to Surge
For several years, PhishMe researchers have tracked all forms of phishing attacks in the wild, including those related to malware, ransomware, wire fraud, data theft and more.
Recently, PhishMe observed an increase in attacks across the board but has also noticed cybercriminals concentrating their efforts on BEC scams and Whaling.
BEC and Whaling attacks often bypass perimeter and end-point security controls, as they are typically designed to identify malware and URLs contained in email attachments that download malicious payloads and link to suspicious websites.
In these cases, the emails don’t necessarily contain attachments or links, leaving humans as the only line of defense.
PhishMe advises organizations to condition employees to identify and report attacks through phishing simulations that leverage real-world scenarios and empower them to respond to phishing incidents.
To prevent cybercriminals from turning your organization into their next victim, take extra steps to ensure that:
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=391ed67384&e=20056c7556
How to scan for malware in the private cloud – without the performance hit
Most people associate cloud security concerns with the placement of sensitive data in public cloud data centers, or the transmission of data between public and private clouds.
But many of the security challenges associated with private cloud computing can be traced to the virtualized infrastructure that gives these environments their flexibility, efficiency, and easy scalability.
Most notably, implementing hundreds or thousands of virtual machines with traditional antivirus (AV) solutions can be like pouring molasses into the gears of your business operations.
The problem is that AV programs designed to run their scans on physical servers can siphon off too much memory and processing power when they’re deployed on every virtual machine in your private cloud environment.
These resource demands can dramatically reduce the VMs’ ability to perform their core business functions whilst decreasing VM consolidation ratios.
Faced with these hard realities, more companies are turning to AV solutions designed specifically to protect virtualized environments.
The concept involves offloading AV scanning, configuration and .DAT update operations to a security virtual appliance (SVA).
Cleared files (or those signed by trusted certificates) reside in the SVA’s global cache and can be called by the VMs without having to go through additional scanning.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=fb182a8ac3&e=20056c7556
Cloud security concerns rise as investment grows
Crowd Research Partners has released the results of its 2016 Cloud Security Spotlight Report, created in conjunction with leading cloud security vendors Alien Vault, Bitglass, Cato Networks, CloudPassage, Dell Software, Dome9 Security, IMMUNIO, (ISC)2 and Randtronics.
Among the findings are the main barriers to cloud adoption, led by general security concerns (53 percent, up from 45 percent in last year’s survey), legal and regulatory compliance concerns (42 percent, up from 29 percent), and data loss and leakage risks (40 percent).
The rise in specific concerns about compliance and integration suggests, say the report’s authors, that companies are moving from theoretical exploration of cloud models to actual implementation.
The biggest threat to cloud security comes from unauthorized access through misuse of employee credentials and improper access controls (53 percent).
This is followed by hijacking of accounts (44 percent), insecure interfaces/APIs (39 percent), and external sharing of sensitive information (33 percent).
84 percent of respondents are dissatisfied with traditional security tools when applied to cloud infrastructure.
Traditional network security tools are somewhat ineffective according to 48 percent of respondents, or completely ineffective (11 percent); 25 percent say effectiveness can’t be measured in cloud environments.
Organizations moving to the cloud have a variety of choices available to strengthen their cloud security. 61 percent of organizations say they plan to train and certify existing IT staff, 45 percent want to partner with a managed security services provider, and 42 percent plan to deploy additional security software to protect data and applications in the cloud.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=5b01e9bb4e&e=20056c7556
Study the opposition in fighting cyber crime
Money is the primary, but not the sole motivation for cyber crime, says Intel Security’s Raj Samani.
The biggest cyber threat faced by society is ransomware.
Criminals are becoming more innovative and cyber security organisations are in an arms race with them.
Discussing cybercrime-as-a-service and the ease with which cyber attacks can be conducted, Samani highlighted the importance of studying and understanding the opposition.
He said criminals behind ransomware campaigns are now outsourcing almost every single component required to cause as much infection as possible and make money in the process.
“The report claims that Chinese hackers are increasingly targeting US companies and government agencies.
It further states that technical assessments of operational tradecraft observed in intrusions attributed to China are the result of extensive forensic analysis and discussions with information security professionals who follow these issues closely,” revealed Samani.
However, the US is not the only target, and China is not the only presumed attacker, he warned.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=2138b0e77e&e=20056c7556
Kenya to domesticate international cyber crime law
Kenya is fast-tracking the process of domesticating international cybercrime law in order to boost online safety in the country, officials said Tuesday.
Communications Authority of Kenya (CA) Assistant Manager Robin Busolo told Xinhua in Nairobi that the East African nation plans to ratify the Council of Europe’s Convention on Cybercrime which is also known as the Budapest Convention on Cybercrime.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=141f05e3b3&e=20056c7556
Next Generation of Cyber Attacks to Focus on Manipulating Data
WASHINGTON (Sputnik) — Future cyber attacks will be focused on changing or manipulating data to jeopardize its reliability, compared to previous attacks aimed at deleting information, US Director of National Intelligence James Clapper said on Wednesday.
Clapper, whose office is in charge of annual worldwide threat updates, has placed cybersecurity at the top of the list of threats to US national security interests for the past four years.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=9bbc348168&e=20056c7556
Effective incident response is key to managing and recovering from cyber security breaches
ELY, CAMBRIDGESHIRE, UNITED KINGDOM, May 18, 2016 /EINPresswire.com/ — Cyber security consultancy firm IT Governance has urged companies to implement effective cyber security policies, formal incident management processes and ongoing staff training to avoid harmful cyber security breaches.
The response comes after HMG’s Cyber Security Breaches Survey 2016 revealed that 65% of major UK businesses experienced at least one cyber security breach in the last year, and a quarter of large firms experienced cyber security breaches on a monthly basis.
The survey findings reveal that, although cyber security is a high priority for large UK organisations, only 29% of UK businesses have documented cyber security policies and just 10% have formal incident management processes in place.
Alan Calder, founder and chief executive officer at IT Governance, said: “Ongoing staff training is a key element for the successful management of a cyber security incident.
In addition, organisations need to have a formal incident management process in place and undertake rehearsals as part of a security incident response plan.”
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=24c6d8019d&e=20056c7556
Why signature-based detection isn’t enough for enterprises
The Einstein program, developed by the National Protection and Programs Directorate, the Department of Homeland Security’s cybersecurity division, has recently been criticized for relying too heavily on this type of signature to detect and block malicious traffic.
Malware developers can constantly change their code or the way it is packaged to make sure it does not produce the same signature as previous versions, detection of which may have been added to existing signature lists of known bad code.
For example, the way in which instructions in the code are written may be changed, or the syntax altered while preserving its functionality.
Metamorphic malware is even more sophisticated, as it’s capable of changing itself to a completely new instance with each fresh infection, while polymorphic malware encrypts itself each time with a different encryption key.
This code mutation makes unique signature generation extremely difficult.
No security system should rely on just one method of detecting malicious code or activity.
Security is always about defense-in-depth and diversity, and the overall effectiveness of security controls and techniques working together is what counts.
A combination of detection methods creates the most effective antimalware solution.
Despite any shortcomings, signature-based detection continues to play an integral role in keeping networks and endpoints secure.
In classic form, they are a direct impediment to previously identified threats.
With more evolved signature technology, their added intelligence makes signatures a serious line of defense, even against new threats.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=048de11a9b&e=20056c7556
Why Security Investigators Should Care About Forensic Research
This summer, thousands of forensic specialists will descend on the desert of Las Vegas to hear original research at conferences such as EnFuse, HTCIA and to a lesser degree, Black Hat.
They’ll learn of breakthroughs made in discovering new varieties of evidence left when users and software interact with the OS.
Unlike new malware and vulnerability research, there’s no financial incentive for forensic researchers to shout findings from the mountain tops.
Vendors typically pay bounties for vulnerabilities; for new forensic “artifacts,” they generally do not.
Years ago, Apple was “Slashdotted” for tracking user GPS coordinates, and Facebook for not stripping GPS data from images.
Yet outside these two cases of vendors “patching” away GPS artifacts, most have seemingly resigned themselves to the fact that forensic tools will learn an uncomfortable amount about us.
I think another reason forensics falls under the radar is its culture of discretion, which stems from the circumstances of a forensic examiner’s job.
Within corporations, they may work with InfoSec, compliance, HR, or even legal departments.
They might read your work email, or — having investigated intellectual property cases — might be one of the few knowing all 11 of KFC’s herbs and spices.
Hell, they’ve even seen your CEO’s browsing history.
Think about how personal that might be, especially in the BYOD era, where business and personal mix within our phones and tablets.
Forensics’ culture of discretion runs even deeper outside corporate circles.
There’s a good chance an examiner may have spent time in law enforcement, or done forensics for the military or intelligence agencies.
At a conference like HTCIA or EnFuse, be careful discussing work over a few beers.
Internal filters are often broken, as yours would be if you’d seen the disturbing crimes they’ve seen.
For instance, I learned what it sounds like when an estranged wife dissolves her unconscious husband in a giant barrel of acid.
Don’t worry, I won’t tell the serial killer stories here.
While forensics provides visibility into computers which convict bad guys, the truth can also set men free.
Mr. Key was able to examine old cached Web pages to determine which users were actual pedophiles versus those visiting in the context of a payment gateway for a legitimate adult site.
In an age where so much of our lives is touched by the Web and mobile computing, and where our hidden personal lives leave forensic residue everywhere, society should pay more attention to this summer’s digital forensic discoveries.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=fef33cc1d9&e=20056c7556
Post-breach forensics: Building the trail of evidence
New approaches to user monitoring and behavioural analytics enable firms to analyse all user activity, allowing tracking and visualising of user activity in real-time to understand what is really happening on the network, says Balázs Scheidler.
The way in which data is collected and presented can also present hurdles and it’s not only the time taken in an investigation which can be hampered.
The integrity of the log data itself may also be called into question in a legal process if it has been changed from its original format.
Logs need to meet the legal standard for evidence (stored in a tamper-proof manner) and any that have been changed or have not been securely stored may not be accepted as evidence in a court of law.
Building the trail of evidence is now a significant issue for organisations as cyber-attackers are increasingly hijacking insider accounts to gain privileged access to the IT assets.
By targeting system administrators and other ‘super users’ who have very high or even unrestricted access rights on operating systems, databases and application layers, they have the power to destroy, manipulate or steal the company’s sensitive information, such as financial or CRM data, personnel records or credit card numbers.
New approaches to user monitoring and behavioural analytics are enabling firms to analyse all user activity, including malicious events, throughout IT systems.
This allows enterprises to track and visualise user activity in real-time to understand what is really happening on the network.
If there has been an unexpected shutdown, data leakage, or database manipulation, the circumstances of the event are readily available in audit trails so the cause of the incident can be quickly identified.
These recorded, tamper-proof audit trails can be played back like a movie, recreating all actions of the user.
The audit trails are invaluable for both real-time and post-breach investigations, and they also enable automatic user behaviour analytics.
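The storage requirement described above for log evidence can be illustrated with a keyed hash chain. This is an added example, not code from the article or from any product it describes; the function names `seal` and `verify`, the key and the sample log lines are all constructed for illustration. It keeps each log line in its original bytes and makes any edit, reformat, deletion or truncation detectable (tamper-evident, which is what a verifier can actually prove).

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # chain start value (constructed for this example)


def _link(key: bytes, prev_mac: bytes, seq: int, raw: bytes) -> bytes:
    """MAC over the previous link, the position, and the untouched raw bytes."""
    msg = prev_mac + seq.to_bytes(8, "big") + raw
    return hmac.new(key, msg, hashlib.sha256).digest()


def seal(raw_lines, key):
    """Chain raw log lines. Returns (records, head). The head must be stored
    apart from the log itself so that cutting off the tail is detectable."""
    records, prev = [], GENESIS
    for seq, raw in enumerate(raw_lines):
        prev = _link(key, prev, seq, raw)
        records.append({"seq": seq, "raw": raw, "mac": prev})
    return records, prev


def verify(records, key, expected_head):
    """Return (True, None) if intact, else (False, index of first bad record).
    A truncated tail is reported at index len(records)."""
    prev = GENESIS
    for i, rec in enumerate(records):
        expected = _link(key, prev, i, rec["raw"])
        if rec["seq"] != i or not hmac.compare_digest(expected, rec["mac"]):
            return False, i
        prev = rec["mac"]
    if not hmac.compare_digest(prev, expected_head):
        return False, len(records)
    return True, None


# Constructed sample log lines (not taken from any real system).
SAMPLE = [
    b"2016-05-18T09:14:02Z sshd[811]: Accepted publickey for dbadmin from 192.0.2.10",
    b"2016-05-18T09:14:40Z sudo: dbadmin : COMMAND=/usr/bin/pg_dump crm",
    b"2016-05-18T09:21:07Z sshd[811]: session closed for user dbadmin",
]
# Assumption: the key is held outside the monitored hosts, out of reach of
# the privileged accounts whose activity is being recorded.
KEY = b"example-key-not-for-production"


def demo():
    """Run the verifier over an intact copy and four altered copies."""
    records, head = seal(SAMPLE, KEY)
    results = {"intact": verify(records, KEY, head)}

    edited = [dict(r) for r in records]
    edited[1]["raw"] = edited[1]["raw"].replace(b"pg_dump crm", b"ls")
    results["edited"] = verify(edited, KEY, head)

    # Same meaning, different bytes: a timestamp rewritten by a log pipeline.
    reformatted = [dict(r) for r in records]
    reformatted[0]["raw"] = reformatted[0]["raw"].replace(b"02Z", b"02+00:00")
    results["reformatted"] = verify(reformatted, KEY, head)

    results["deleted"] = verify([records[0], records[2]], KEY, head)
    results["truncated"] = verify(records[:2], KEY, head)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:12s} {outcome}")
```

The reformatted case matters for the point about log data changed from its original format: a pipeline that normalises timestamps before storage breaks verification just as an edit does, so the original bytes have to be sealed before any parsing or enrichment.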
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e5109934bc&e=20056c7556
Arbor Networks report finds relentless threat environment
Arbor Networks Inc., the security division of NETSCOUT (NASDAQ: NTCT), has released its 11th Annual Worldwide Infrastructure Security Report (WISR) offering direct insights from the global operational security community on a comprehensive range of…
· Change in attack motivation: This year the top motivation was not hacktivism or vandalism but ‘criminals demonstrating attack capabilities’, something typically associated with cyber extortion attempts.
· Attack size continues to grow: The largest attack reported was 500 Gbps, with others reporting attacks of 450 Gbps, 425 Gbps and 337 Gbps.
· Complex attacks on the rise: 56 percent of respondents reported multi-vector attacks that targeted infrastructure, applications and services simultaneously. 93 percent reported application-layer DDoS attacks.
The most common service targeted by application-layer attacks is now DNS (rather than HTTP).
· Cloud under attack: Two years ago, 19 percent of respondents saw attacks targeting their cloud-based services.
This grew to 29 percent last year, and now to 33 percent this year – a clear upward trend.
· Firewalls continue to fail during DDoS attacks: More than half of enterprise respondents reported a firewall failure as a result of a DDoS attack, up from one-third a year earlier.
Top five advanced threat trends
· Focus on better response: 57 percent of enterprises are looking to deploy solutions to speed the incident response processes.
Among service providers, one-third reduced the time taken to discover an Advanced Persistent Threat (APT) in their network to under one week, and 52 percent stated their discovery to containment time has dropped to under one month.
· Better planning: 2015 saw an increase in the proportion of enterprise respondents who had developed formal incident response plans, and dedicated at least some resources to respond to such incidents, up from around two-thirds last year to 75 percent this year.
· Insiders in focus: The proportion of enterprise respondents seeing malicious insiders is up to 17 percent this year (12 percent last year).
Nearly 40 percent of all enterprise respondents still do not have tools deployed to monitor BYOD devices on the network.
· Staffing quagmire: There has been a significant drop in those looking to increase their internal resources to improve incident preparedness and response, down from 46 to 38 percent in this year’s results.
· Increasing reliance on outside support: Lack of internal resources this past year has led to an increase in the use of managed services and outsourced support, with 50 percent of enterprises having contracted an external organisation for incident response.
This is 10 percent higher than within service providers.
Within service providers, 74 percent reported seeing more demand from customers for managed services.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=9f839b0440&e=20056c7556
Infoblox Network Protection Survey: Organizations Utilizing Best Practices Enjoy Outsized Business Outcomes
SANTA CLARA, CA–(Marketwired – May 16, 2016) – Infoblox Inc. (NYSE: BLOX), the network control company, today announced results of its 2016 Network Protection Survey.
The in-depth survey compares the measures IT takes to protect and optimize networks among 200 enterprises in the United States and Canada.
The survey uncovers dramatic differences between the highest- and lowest-performing organizations, in terms of how they manage their networks as well as their outcomes.
“Top enterprises think more strategically about their networks, don’t tolerate operational silos, and invest in the necessary tools for effective and secure infrastructure,” said Scott Fulton, executive vice president of products at Infoblox. “The results are clear — fewer outages and breaches, as well as better alignment with the business needs of their organizations.”
The Infoblox Network Protection Survey found that adhering to industry best-practices results in better outcomes:
– Greater internal customer satisfaction
– Stronger security
– Networks that run more smoothly
– Better visibility into and control over infrastructure details such as IP addresses, malicious DNS traffic, and trusted users deviating from appropriate behavior
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=4cf12529fc&e=20056c7556
Cyber attack attribution: Strategies and tools for business organizations
Attack Attribution is all about finding out the entity that has successfully breached your cyber defences.
This is an important consideration for forensic investigators, intelligence analysts, and national security officials.
In line with this overall preparedness and as part of the Active Response program, Security Operations Centre (SOC) service providers have started to empower the Investigators on their teams to carry out attribution.
To be able to do their investigations effectively, they need to be equipped to fire real time ad hoc queries against security apps deployed for protecting your networks (SIEM loggers, IPS, IDS, etc) and be able to collect and save relevant data pertinent to the threat.
Once the da ..
Business organizations have largely been stopping at protecting their networks against attacks and often do not consider attack attribution as a necessity.
Historically, this could be due to paucity of investigative tools.
With such tools now available, security departments within business organizations can attempt to take this step now.
Knowing one’s adversary will dissuade the actors from targeting you.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=0eeb036b7c&e=20056c7556
Soha Systems’ Survey Reveals Only Two Percent of IT Experts Consider Third-Party Secure Access a Top Priority, Despite the Growing Number of Security Threats Linked to Supplier and Contractor Access
SUNNYVALE, CA–(Marketwired – May 17, 2016) – Soha Systems, an innovator of enterprise access as a service, today released a report based on a survey conducted by the newly formed Soha Third-Party Advisory Group, which consists of security and IT experts from Aberdeen Group; Akamai; Assurant, Inc.; BrightPoint Security; CKure Consulting; Hunt Business Intelligence, PwC; and Symantec.
The report, which surveyed over 200 IT and security C-Level executives, directors and managers at enterprise-level companies, revealed four key insights:
– Third-party access is not an IT priority, yet it is a major source of data breaches
– Respondents believe their own organizations are secure from third-party data breaches but think their competitors are vulnerable to them
– Providing third-party access is complex and tedious, and has many moving parts
– IT professionals take data breaches personally but are not worried about losing their jobs due to a breach
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=27e1faa093&e=20056c7556
Security spending rises in areas ineffective against multi-stage attacks
Vormetric announced the results of the Financial Services Edition of the 2016 Vormetric Data Threat Report (DTR).
This edition extends earlier findings of the global report, focusing on responses from IT security leaders in financial services, and details IT security spending plans, perceptions of threats to data, rates of data breach failures and data security stances.
“Spending to protect data is increasing fastest in areas that have been shown to be ineffective at protecting against multi-stage attacks – Network defenses (65 percent) and end point and mobile device defenses (58 percent) – still see the highest increase in spending, while approaches like data-at-rest defenses that have been proven to be effective at protecting data after perimeter defenses have been bypassed, are at the bottom (48 percent).”
Other key findings:
– 90 percent feel vulnerable to data threats
– 44 percent have already experienced a data breach, with nearly one in five (19 percent) indicating a breach in the last year
– At 56 percent, meeting compliance requirements was the top IT security spending priority, but preventing data breaches at 50 percent and best practices, also at 50 percent, were close followers
– Complexity at 68 percent, and lack of staff at 35 percent, are identified as top barriers to adoption of better data security
– Bright spots include 70 percent increasing spending to offset threats to data and 48 percent increasing spending on data-at-rest defenses this year.
– 66 percent view meeting compliance requirements as a ‘very’ or ‘extremely’ effective way to protect sensitive data, yet slow moving compliance standards consistently fail to stop today’s multi-level attacks.
Top concerns include:
– Security breaches at the cloud provider level (75 percent)
– Increased vulnerabilities from share