“Today’s computing environments are increasingly driven by the desire for digital transformation, resulting in highly distributed implementations—data is increasingly held beyond the corporate boundaries, in complex hybrid cloud and mobile environments.”
451 Research recently released the “Thales 2018 Data Threat Report,” revealing the harsh realities of our complex cybersecurity landscape. IT spending increased last year, but data breaches increased as well. We’re all left wondering, “what gives?” The report offers some answers as to what’s causing these gaps in data security, provides recommendations for mitigating issues, and emphasizes the need for businesses to reframe their defenses—or else, risk yet another breach.
More than 1,100 senior security executives from around the world participated in the “Data Threat Report” covering a comprehensive set of technology methodologies. From strategies on multi-cloud usage and containers to mobile payments and IoT, 451 Research looked for patterns and uncovered actionable insights for your business.
Data Breaches Are Rising Drastically Despite Higher Security Budgets
A whopping 67% of global respondents worldwide, 71% stateside, indicated they had experienced a data breach at some point; 36% of the global breaches occurred in 2017 and 46% of the U.S. breaches happened last year. The news is concerning, especially for those who are in the minority and have yet to experience an attack.
Figure 1: Number of Businesses Breached
Cloud computing capabilities, meeting compliance mandates, and implementing security best practices were the top motivators for increased IT security budgets in 2018. Most notably, avoiding the financial implications of a data breach was the second highest priority, indicating that leaders realize that the impact of a data breach truly does affect their bottom line.
If You Feel Vulnerable to Attacks, You Are Not Alone
An alarming 92% of global leaders and 91% of U.S. leaders feel vulnerable to data threats. Even though IT leadership is willing to invest in security, and have increased their budgets in 2017 and 2018, it seems that there’s disconnect as to which controls are actually effective, and most organizations simply are not prepared to handle a significant attack. What are the hurdles these leaders need to overcome? Complexity was cited as the top barrier to data security—a first in the Thales’ report history.
Figure 2: Perceived Barriers to Effective Data Security
Emerging Tech Adoption Compounds Data Security Issues
One of the reasons more funds aren’t translating into results is because organizations are eager to adopt emerging technologies, but aren’t accounting for the necessary security adjustments. In fact, respondents admit that many technologies—cloud services, IoT, connected devices, mobile payment, data storage and processing—are often deployed before clearing it with the rest of their security team.
Old Security Strategies Are Ineffective for New Technology
In cases when IT or security professionals are tasked with protecting new technologies, issues arise from using old and familiar security techniques to protect new technology, which has its own set of challenges and requirements. What’s most perplexing is that even though most professionals understand what technology and controls are necessary to protect systems and data, they are not prioritizing spend in those categories. Protecting data at rest, for instance, was rated the most effective method, but has the lowest budget increase for 2018.
Figure 3: Budget Allocations Versus Perceived as Most Effective Methods of Data Security
Fear of change and the perceived complexity of data security are likely barriers to changing spending habits or security methods.
Solutions and Recommendations
Effective data security requires the proper implementation and management of policies, procedures, and systems. Security starts at the foundation of a network, so before deploying any new technology, consider how to improve and strengthen your comprehensive security strategy.
- Perform a Security Tool Checkup. With so many endpoints that connect back to your network, traditional network security is no longer sufficient. Look for platforms that offer automation and service support to ease deployment complexity and act as an extension of your team.
- Seek a Multi-Cloud Strategy. While many cloud providers offer their own security features, businesses are still responsible for the oversight and management of security across multiple cloud environments. Consider using cloud solutions that integrate well with multiple providers.
- Go Beyond the Compliance Checklist. Although meeting compliance mandates is an effective way to protect sensitive data, security often goes beyond those requirements. Unlike compliance, security frameworks and methods change and improve much faster in order to keep up with the ever-evolving landscape. Consider using encryption, especially in the cloud, to both address compliance and move closer to industry best practices.
- Use Best Practices in Encryption and Access Control Across Technologies. Work with your data center provider to use file and application level encryption and access controls. When it comes to the cloud, encrypt and manage keys locally, if possible. If you use IoT to manage business devices, employ secure device ID and authentication, as well as encryption for data at rest and in transit to mitigate vulnerabilities.
It’s also a good idea to implement data encryption between all systems and devices and to rely on access control methods. For example, multi-factor authentication can use synchronous or asynchronous tokens, which add layers to an access system. To gain access, a hacker must first identify a password and then crack additional layers of security to find an authentication code that is often proprietary and unique.
Security threats and breaches are more the norm than the exception in today’s business world. Fight back by being aware of your vulnerabilities and taking action to prevent them. If you don’t have the resources and know-how in-house, look for managed security providers that can work with your unique environment. Also, choose cloud service providers that offer multiple layers of security, as mentioned in the recommendations.
Additional Resources on This Topic:
This article was first published on OnRamp.