Digital Risk and Security Awareness Survey
|
|
- Asher Fletcher
- 6 years ago
- Views:
Transcription
1 KuppingerCole Report ADVISORY NOTE by Martin Kuppinger February 2015 A survey on the awareness of digital risks and security risks run and compiled by KuppingerCole. Providing insight into the current perception of digital and security risks, complemented with analysis and recommendations by KuppingerCole. by Martin Kuppinger mk@kuppingercole.com February 2015
2 Content 1 Management Summary About the Survey Survey Results Changes in digital security risk perception The most frightening attacks Countermeasures Budget changes C-level attention Recommendations Copyright Content Tables Table 1: Changes of technology relevance, based on % of #1-#3 rankings three years from now compared to today Table of Figures Fig. 1: Distribution of respondents across industries Fig. 2: Job titles of the respondents Fig. 3: Results for the changing recognition of digital security threats Fig. 4: Results for the changing recognition of risks... 8 Fig. 5: Comparing changes in threat and risk recognition Fig. 6: Reasons for stable risks, while threats increased (multiple choice allowed) Fig. 7: Reasons for increasing risks, while threats remained stable/decreased... 9 Fig. 8: Reasons for stable/decreasing threats and risks Fig. 9: Reasons for increase in both threats and risks Fig. 10: The most frightening types of attacks Fig. 11: Most-feared types of cyber-crime Fig. 12: Main reasons for internal attacks Fig. 13: Main reasons for nation-state attacks Fig. 14: Main reasons for politically motivated attacks Fig. 15: Most important countermeasures Fig. 16: Three main technologies ranked #1 in countermeasures Fig. 17: Three main technologies ranked #2 in countermeasures Fig. 18: Three main technologies ranked #3 in countermeasures Page 2 of 29
3 Fig. 19: Most important countermeasures in one year from now Fig. 20: Three main technologies ranked #1 in countermeasures one year from today Fig. 21: Three main technologies ranked #2 in countermeasures one year from today Fig. 22: Three main technologies ranked #3 in countermeasures one year from today Fig. 23: Most important countermeasures in one year from now Fig. 24: Information Security budget changes within the past 24 months Fig. 25: Industries with a lack of C-level attention for Information Security Fig. 26: Reasons for C-level attention on Information Security Related Research Advisory Note: Real Time Security Intelligence Advisory Note: Security and the Internet of Everything and Everyone Advisory Note: Security Organization, Governance, and the Cloud Advisory Note: IAM Predictions and Recommendations Executive View: Introduction to Managing Risk Leadership Compass: IAM/IAG Suites Leadership Compass: Access Governance Leadership Compass: Cloud User and Access Management Leadership Compass: Cloud IAM/IAG Leadership Compass: Dynamic Authorization Management Leadership Compass: Identity Provisioning Leadership Compass: Enterprise Key and Certificate Management Leadership Compass: Enterprise Single Sign-On Leadership Compass: Privilege Management Page 3 of 29
4 1 Management Summary In a global online survey, KuppingerCole has asked Information Security professionals about their current perception of Digital Risk and Security. The study shows a significant increase in awareness of both threats, i.e. the potential attacks, and risks. While some participants claim that they were able to keep their risks stable or even mitigate them by investing in countermeasures, the vast majority feels that the risk for their organizations increased over the past 12 months. The most frightening type of attacks comes from organized crime, including attacks that are associated with industrial espionage, blackmailing, and particularly a potential loss of reputation, for instance when large amounts of passwords are stolen and sold on the black market. Internal attackers also are perceived as massive risks. Depending on the industry and the geography, nation-state attackers and politically motivated attackers also are identified as severe risks. In particular, governmental organizations and corporations from industries such as Aerospace & Defense (in the case of nation-state attacks) and Finance (in the case of politically motivated attackers) feel themselves threatened by these groups of attackers. Overall, there appears to be a far better perception of the cyber-security risks than ever before, particularly due to the public attention to these issues today. Looking at the countermeasures allows some interesting observations. While some technologies such as Identity and Access Management & Governance (IAM/IAG) are considered as key technologies, others are gaining momentum and expected to play a far bigger role with the next three years. Somewhat surprising, Mobile Security Solutions are still not widely used but expected to play an important role in the near future. Secure Information Sharing, e.g. Information Rights Management or Secure Data Rooms, already is perceived as one of the most relevant countermeasures, with another uptake expected within the next three years. However, the biggest growth, according to this study, will be seen in the area of Real-Time Security Intelligence1. This includes solutions that provide managed services not only about newly identified attack vectors, but also for analyzing logs and events based on advanced analytical capabilities. While the current and short-term focus is on on-premise solutions, the results show a massive uptake for managed services in that area within the next three years. On the other hand, traditional technologies such as firewalls, IPS/IDS, or endpoint security are on the decline not necessarily in absolute numbers, but in their role as core technologies for cyber-security countermeasures. The study shows a clear focus on Real-Time Security Intelligence and IAM/IAG as strategic elements, complemented by Secure Information Sharing technologies. Gaining comprehensive insight into attacks and integrating prevention, detection and response instead of using point solutions appears to be the strategic focus, according to the survey results. This is combined with protection of the information assets themselves, instead of secondary components such as networks and servers. Overall, the study highlights that there is not only a far better perception of both digital threats and risks, but also a fundamental change towards more holistic, strategic countermeasures, superseding and integrating traditional approaches. 1 Page 4 of 29
5 2 About the Survey The survey was executed in the fourth quarter of 2014 as an online survey. 270 persons participated in the survey. The survey consisted of ten main questions plus a number of additional questions that have been raised depending on the answers provided. Fig. 1: Distribution of respondents across industries. The participants were well distributed across industries. Other includes IT companies, but also a number of manufacturing companies where participants did not associate themselves with Manufacturing or Industry. The fact that recipients are from a broad range of industries allows generalizing the results of the survey. Furthermore, the fact that some industries such as Finance and Government are very well represented allows deducing concrete conclusions for these industries in particular. Page 5 of 29
6 Fig. 2: Job titles of the respondents. Figure 2 shows the job titles of respondents. Over 40% of the participants were C-level, including CIOs, CISO, CEOs, and other types of C-level jobs. Thus, there is a good mix between the C-level view on one side and the view of people from the departmental levels and projects. Page 6 of 29
7 3 Survey Results In the following sections, the results of the survey are released and explained. For many of the answers, you will find further analysis by KuppingerCole. 3.1 Changes in digital security risk perception The first set of questions focused on the changing perceptions of digital security risk. The first question asked whether the recipient has recognized an increase in digital security threats over the past year. The follow-on question then asked whether this recognition has led to growing risks. Basically, there might be an increase in threats and attacks, while risks remain stable. This might be the case when there are no new attacks or when the risk resistance has been improved. Fig. 3: Results for the changing recognition of digital security threats. For the first question, 85.6% of the recipients responded that they have observed an increase in threats. In other words, more than 5 out of 6 participants all of them being IT professionals that deal with IT security issues have seen an increase in threats over the past 12 months, i.e. in the period of Q to Q The answer is not surprising, given the large number of attacks that became public, combined with the echo of the Snowden revelations. Page 7 of 29
8 Fig. 4: Results for the changing recognition of risks. Overall, the perception of the risk exposure increased as well. However, only 77.6% indicated an increase in that area, compared to 85.6% recognizing an increase in threats. Figure 5 provides details on how the answers to these two questions are related. Fig. 5: Comparing changes in threat and risk recognition. For the various areas, we have asked for the specific reasons behind these perceptions. For the 10.8% of participants that indicated an increase in threats, while risks remained more or less stable, we found two major answers. 80% of the respondents named better countermeasures and investments in Information Security Technology as the main reasons why the overall risk exposure did not grow, despite the increase in threats. 40% also identified better alerting for new threats based on real-time services as the reason for their increased threat resistance. This also shows that investing in real-time services is one of the Page 8 of 29
9 common actions organizations take. Based on such services, they learn earlier and more about new types of attacks, particularly zero-day attacks, and thus are better able to react on these attacks. Fig. 6: Reasons for stable risks, while threats increased (multiple choice allowed). Other answers included the hint that the risk picture did not change, i.e. the once identified risks remain while there are no new risks. This is a valid answer, even while the risk rating in the sense of changes in probability and impact might change anyway for existing risks. Fig. 7: Reasons for increasing risks, while threats remained stable/decreased (multiple choice allowed). A small number of participants responded that the risk grew while threats remained stable or even decreased. Figure 7 shows the answers on this question. Due to the small population for this question, this can only give some indications for the generic reasons for such perceptions. Basically, the main reasons come down to concrete incidents and warnings. If something goes wrong within the industry or in the organization itself, the understanding of the real risks might change, despite a stable threat landscape and attack surface. Page 9 of 29
10 Fig. 8: Reasons for stable/decreasing threats and risks (multiple choice allowed). Another 11.6% of the respondents answered that both threats and risks remained unchanged or even decreased during the past 12 months. The main reason mentioned was again investments in Information Security technology. This aligns with 14.8% mentioning faster detection and better understanding of threats as the foundation for targeted countermeasures. 25.9% of the respondents named a changing focus of attackers as the main reason. This appears to be a valid observation. However, the number of concrete attacks might remain stable while the ratio decreases, when as it happens today the overall number of attacks grows. One interesting answer was that the change in threats and risks is hard to rate, given the current hype. While there is hype in the sense of massively increased cyber security awareness in the general public, it also is a fact that the overall trend of a growing number of attacks remains intact. Fig. 9: Reasons for increase in both threats and risks (multiple choice allowed). Finally, we asked for the reasons behind the perception of both increasing threats and risks the perception of the vast majority of 75% of the participants. The main reason mentioned by 58.7% of Page 10 of 29
11 these respondents was that there is more publicly available information about cyber-attacks. The growing attention to this topic has led to an increasing awareness of the risks. Interestingly, more than half of the answers also indicated that information exchange with peers within the industry led to this increased awareness regarding threats and risks. This is interesting because it shows a far better collaboration among different companies in various industries than might have been expected. Again, a significant number of respondents, i.e. 40.9% of the 75% that see an increase in both threats and risks, mentioned that they have done more or better threat and risk analysis. This shows how important it is to have a risk management approach in place that helps understanding the real risks. 3.2 The most frightening attacks The second group of questions dealt with the types of attacks most concerning people today. The initial question in this group was about the most frightening type of attack. Fig. 10: The most frightening types of attacks. Most feared are attacks by organized crime. Nearly half of the participants, 46.6%, named this as the most frightening type of attack from their perspective. This proves the observation that cyber-crime massively gained ground over the past few years, having become a threat for everyone today. Second ranked in this question are internal attackers, which are considered the most challenging type of attack by 29.4% of the respondents. This is still a fairly significant number. If the question would have been a multiple choice question, this type of attack probably would have ranked even higher. Clearly, internal users particularly in the case of privileged users such as administrators that sometimes have extensive entitlements remain a massive challenge for Information Security. Despite the Snowden revelations and other types of nation-state attacks and espionage that have become known, this type of attack only ranks #3, with 11.3% of the respondents rating this as the most severe type of attack they are facing. Page 11 of 29
12 Finally, another 8.6% named politically motivated attacks as their biggest concern. In the light of recent incidents such as the DDoS attack on the website of the German chancellor, this clearly is a real issue these days. Among the answers indicating others, there were some interesting results. Some mentioned industrial espionage as their biggest threat. This might be subsumed within organized crime (being heavily involved in such activities) or nation-state attacks (based on the fact that several nation-state are very actively spying on other nation s corporations). Fig. 11: Most-feared types of cyber-crime (multiple choice allowed). When looking in more detail at the various types of attacks, the respondents which feel most challenged by cyber-crime listed a number of attack types they are frightened by. Roughly 2 out of 3 (65.0%) named theft of information assets that are then sold on the black market as an attack type they are challenged by. This aligns with what has been said above regarding industrial espionage. Also more than half (56.3%) of the respondents to this question listed financial fraud on top. This obviously is one of the types of attacks that are here to stay forever. However, many of the spam mails related to financial topics such as unpaid invoices are constructed to place malware as part of more advanced types of attacks, commonly referred to as APTs (Advanced Persistent Threats). Also, blackmailing in various forms is seen as a massive challenge, with 36.9% mentioning this in the context of access to sensitive data that is only withheld/deleted against payment and another 21.4% being in fear of having to pay for data being encrypted by malware. Other answers in that area include the fear of loss of reputation a major challenge and the loss or corruption of data. When looking at internal attacks, 70.8% of the respondents clicked on the answer option Just a realistic view. In fact, at least a very large portion of really severe incidents has been caused by internal attackers or at least with support by internals. Furthermore, advanced types of attacks commonly hijack internal accounts, thus protection of these accounts and their behavior remains essential. In consequence, the threat created by internal attackers must not be underestimated. Page 12 of 29
13 Fig. 12: Main reasons for internal attacks (multiple choice allowed). Another 50.8% referred to the examples of other organizations, such as sales of customer data by employees of financial organizations, e.g. the sale of tax fraud information from Swiss banks to German tax offices. A quite interesting number are the 24.8% choosing the option that there are concrete indications for such attacks. That is a fairly significant number, given the massive impact internal attacks can have. Notably, several respondents referred either to experiences they already have had within their organizations or the fact that their internal countermeasures such as Privilege Management or Security Analytics are insufficient. Fig. 13: Main reasons for nation-state attacks (multiple choice allowed). Of the respondents rating nation-state attacks as the most frightening type of attack they are facing, more than half (56%) referred to the fact that they are in critical infrastructure industries. These types of industries are considered to be a common attack target of other countries. Some 40% indicated that their assets are (actual or assumed) targets of nation-state industrial espionage. This is particularly true Page 13 of 29
14 for organizations in the IT Security industry and in the Aerospace & Defense industry. Another 16% see their challenges regarding nation-state attacks being caused by the fact that they are governmental or military organizations. Some of the respondents also referred to the geography they are in, being in one of the countries that is a common target of such attacks. Fig. 14: Main reasons for politically motivated attacks (multiple choice allowed). Finally, there is the group of respondents that feels most challenged by politically motivated attackers. Again, the main reason mentioned here were the industries, either being critical infrastructure (36.8%), governance or military (32.6%) or financial (10.5%). Furthermore, a number of respondents again referred to their geography, making them a common target of politically motivated attacks. 3.3 Countermeasures The increase in digital risk and security awareness obviously also means that organizations are spending more time and money for countermeasures. However, the answers to that question provide a very mixed picture regarding the concrete countermeasures taken and the preferred mix of countermeasures. Page 14 of 29
15 Fig. 15: Most important countermeasures (selection of three for rank #1 to rank #3). Overall, IAM (Identity and Access Management) related countermeasures have a significant weight. This might be caused by the fact that there was a higher percentage of respondents from these departments. However, IAM in general is increasingly considered to be one of the most important countermeasures in cyber-security. When adding the selections for either rank #1, rank #2, or rank #3, Identity and Access Management & Governance has been mentioned by 60.4% of all recipients. A very significant number of respondents thus has identified that set of technologies as a key technology for increasing cyber-attack resistance. Page 15 of 29
16 Another 44.2% put Privilege Management on one of these three first ranks, as a specific subset of IAM, focusing on privileged users. This aligns well with the answers indicating that internal attacks still are among the most threatening types of attacks, because both Privilege Management in particular and IAM in general are common and proven countermeasures against internal attacks. Following these two groups of technologies, we find a number of other approaches in a head-to-head competition. Between 23% and 30% of the respondents opted for IDS/IPS (Intrusion Detection/Prevention Systems) [29.9%] SIEM tools (Security Information and Event Management) [27.4%] Endpoint Security [24.9%] Firewalls [24.4%] Secure Information Sharing (Secure File Sync, Data Rooms, Information Rights Management) [23.4%] While the first four groups of technologies are quite common countermeasures against attackers, finding Secure Information Sharing in this group is somewhat surprising. However, this is an indicator of the growing attention and maturity of the various technologies in that space, allowing the protecting of information end-to-end and focusing on protecting the informational assets themselves instead of underlying technology such as networks or servers. Further technologies rated are Real-time Security Intelligence on-premise [18.8%] Building/operating their own SOC or relying on a managed SOC [16.8%] Mobile Security Solutions [13.7%] Real-time threat information as managed service [10.2%] Real-time Security Intelligence as managed service [6.1%] When looking at these choices, all three around real-time threat information and security intelligence fall into the same category. If added, more than 35% of the respondents opted for the one or other of these technologies. Interestingly, Mobile Security Solutions are not rated high as one of the primary means for increasing resistance against cyber-attacks. The assumed reason for this could be the tactical and very focused nature of these technologies, compared to the cross-system and cross-device nature of, for instance, IAM or Real-time Security Intelligence. However, further and detailed analysis of other answers shows that the main reason for that low rating is based on the fact that it is not widely used or required as a primary security measure today. Page 16 of 29
17 Fig. 16: Three main technologies ranked #1 in countermeasures. When looking at the three technologies ranked most often #1 in countermeasures, we find IAM, firewalls, and SOCs (Security Operations Centers). The latter includes technology such as SIEM or, more advanced, Real-time Security Intelligence. Fig. 17: Three main technologies ranked #2 in countermeasures. When looking at the technologies most frequently ranked #2 in countermeasures, we again see IAM slightly in front, directly followed by Privilege Management and IDS/IPS. Page 17 of 29
18 Fig. 18: Three main technologies ranked #3 in countermeasures. Finally, when looking at the technologies most commonly ranked #3, we see Privilege Management, Secure Information Sharing (as the real surprise in that listing), and IAM. Interestingly, some traditional technologies, in particular firewalls, did not make it among the top 3 ranked technologies at all. This appears, despite a potential overweight of IAM, to be an interesting indicator. IDS/IPS clearly outranked traditional firewalls, and when adding the ratings for the various types of real-time analytics, these technologies also are clearly ahead of firewalls. Additionally, we have asked which technologies will most likely become the most important countermeasures in one and three years from now. Page 18 of 29
19 Fig. 19: Most important countermeasures in one year from now (selection of three for rank #1 to rank #3). What is really interesting is to compare the listings of technologies with ranks of #1 to #3 here with the ones of today (see figure 15). The following technologies show the biggest increase in relevance: Mobile Security Solutions [up by 15.2% absolute, 111.1% relative] Real-time Security Intelligence as managed service [up by 10.7% absolute, 175% relative] Real-time Threat Information as managed service [up by 5.6% absolute, 55% relative] Secure Information Sharing [up by 4.6% absolute, 19.6% relative] Real-time Security Intelligence on-premise [up by 3.0% absolute, 16.2% absolute] Page 19 of 29
20 In particular, these numbers allow the prediction that the Real-time Security Intelligence market segments will grow massively, with a shift towards managed services. They also show that Mobile Security Solutions will gain significant momentum, with the increasing need to support enterprise mobility. Two other technologies remained quite stable in the ratings, including Identity and Access Management & Governance [down by 1.5% absolute] Building/operating a SOC or SOC as managed service [down by 1.5% absolute] Finally, a number of other technologies are found less frequent among the top 3 ranked technologies that will be used as countermeasures against cyber-attacks. These include SIEM [down by 5.6%] Endpoint Security [down by 6.1%] Privilege Management [down by 6.1%] IDS/IPS [down by 7.6%] Firewalls [down by 10.7%] These numbers align well with the shift towards Real-time Security Intelligence, i.e. advanced detection combined with prevention and an overall increased insight into what is happening. Fig. 20: Three main technologies ranked #1 in countermeasures one year from today. Again, we can analyze the highest ranked technology. When looking at the #1 rankings, firewalls dropped out of the top 3, with Real-Time Threat Information entering that list now. Page 20 of 29
21 Fig. 21: Three main technologies ranked #2 in countermeasures one year from today. In the top 3 rating for rank #2, we find the same technologies, with Mobile Security Solutions entering the list in a tie for third rank in that listing. This is in line with the increase in relevance of Mobile Security Solutions as a countermeasure against cyber-attacks. Fig. 22: Three main technologies ranked #3 in countermeasures one year from today. The top 3 list for the #3 ranked technologies remains unchanged, compared to the current state. Page 21 of 29
22 Fig. 23: Most important countermeasures in three years from now (selection of three for rank #1 to rank #3). Looking even further into the future, we asked for the main countermeasures against cyber-attacks in three years from now. Again, the most interesting comparison of the results indicated in figure 23 is when comparing them to the current state. Table 1 provides an overview of these changes, ordered by relative change. Page 22 of 29
23 Technology Absolute change Relative change Real time Security Intelligence as managed service 25.4% 416.7% Mobile Security Solutions 18.3% 133.3% 9.6% 95.0% 11.2% 47.8% 3.0% 18.2% -2.5% -13.5% -10.7% -17.6% SIEM tools (Security Information & Event Management) -8.1% -29.6% Privilege Management (Privileged Account/Identity/User Management, Root Account Management) -13.7% -31.0% -9.6% -32.2% Endpoint Security -10.7% -42.9% Firewalls -12.2% -50.0% Real time threat information as managed service Secure Information Sharing (Secure File Sync, Data Rooms, Information Rights Management) Building/operating an own SOC or relying on a SOC as managed service Real time Security Intelligence on-premise Identity and Access Management & Governance IDS/IPS (Intrusion Detection/Prevention Systems) Table 1: Changes of technology relevance, based on % of #1-#3 rankings three years from now compared to today. Table 1 provides some highly interesting insights. Real-time Security Intelligence will be used far more frequent than today. There is a slight tendency of moving towards managed services, in contrast to onpremise solutions which are favored today. Combined with the increase in relevance of Real-Time Threat Information Services, the overall area of Real-time Security Intelligence will become a dominant topic for cyber-security. This also aligns well with the increasing relevance of SOCs, where such technologies commonly are operated. Another winner will be Mobile Security Solutions, with a massively growing relevance due to the fact that most communication in organizations will happen based on mobile devices. Also Secure Information Sharing is expected to massively gain ground, addressing the root of the security challenges by directly protecting information instead of servers, network segments, or endpoints. Identity and Access Management, as well as Privilege Management, shows a slight decrease, however from a very high level. What really is obvious in this table is the loss of relevance of traditional Information Security technologies such as SIEM tools (to be replaced by Real-Time Security Intelligence), IDS/IPS, Endpoint Security, and Firewalls. For the latter three, the obvious trend goes towards more sophisticated, integrated solutions instead of point solutions at the network or endpoint level. Page 23 of 29
24 3.4 Budget changes Regardless of how important Information Security experts consider specific technology investments, at the end it is all about money. Thus, the question about budget changes is of particular interest. Here we asked for the Information Security budget change over the past 24 months. Fig. 24: Information Security budget changes within the past 24 months. While virtually no organization (0.5% of the responses) reported a decrease above 25%, a significant number (5.6%) report a decrease in the range of 5% to 25%. Another 43.7% mentioned that the budget remained more or less stable. However, this also means that a little more than 50% reported significant increases in Information Security budgets, with 8.1% of the organizations showing an increase of more than 50%. Overall, the growing attention on Information Security issues, beyond the experts, started resulting in spending more money for Information Security. 3.5 C-level attention The overall increase in Information Security spending aligns well with the results regarding the question set around C-level attention. On one hand, we asked for the main drivers of C-level attention. We furthermore analyzed in which industries we see an significant lack of C-level attention. Page 24 of 29
25 Fig. 25: Industries with a lack of C-level attention for Information Security. While the average value of a lack of C-level attention for Information Security is at 8.2%, governments show a rate of 26.3%. This means that in more than 1 out of 4 government organizations the C-level - i.e. the leaders of the organizations show no attention for Information Security issues. Given that probably all governments already are under attack, this is a horrible result, indicating an inacceptable level of ignorance. While the manufacturing industry is slightly above average (in a negative sense, indicating that fewer Clevel managers show attention to Information Security than on average), the Finance industry is placed in excellent position with only a very small minority of C-level managers not being aware of and interested in Information Security issues. This is obviously driven by the fact that these organizations are heavily regulated and common targets of attackers it is all about money. Nevertheless, this is the pattern organizations in other industries should follow. Page 25 of 29
26 Fig. 26: Reasons for C-level attention on Information Security. When finally looking at the various reasons for C-level attention, the most important ones are Information Security is part of Enterprise GRC and risks show up in C-level dashboards (26.0%) Incidents in other organizations have been recognized by the C-level (24.0%) Another important driver is the fear of C-level managers of personal penalties due to regulations (15.8%). Tangible audit findings caused the attention of the C-level in another 12.8% of the organizations, particularly in highly regulated industries such as the Finance industry. Another 10.2% mentioned that past incidents within the organization raised C-level attention. Given that virtually all organizations are under attack today, the question remains whether the relatively low number here is due to the higher importance of other drivers or due to the fact that attacks are not reported up to the C-level. Page 26 of 29
27 4 Recommendations Based on the results of this survey, KuppingerCole provides the following recommendations: Perform a Threat and Risk Analysis: Following a structured and standardized approach on Risk Management, identify the relevant threats and potential risks for your organization from internal attacks as well as cyber-attacks of all potential types of attackers. Understand the probability and impact of these risks, identify countermeasures and improve your resilience against attacks. Have a plan in place in case of attacks and build your security organization to identify and react on attacks. Invest in Real-time Security Intelligence: Analyze the emerging field of Real-Time Security Intelligence solutions and plan on deploying adequate solutions on-premise or as managed services. Align this with existing investments in SOCs (Security Operations Centers), SIEM (Security Information and Event Management), and Identity Analytics. Don t forget the internal attackers and do your IAM homework: Even while the threats by external attackers are ever-growing, do not underestimate the risk imposed by internal attacks. Understand that risk and take countermeasures as well, including a well thought-out IAM/IAG (Identity and Access Management & Governance) implementation. Notably, IAM/IAG also must cover other types of identities such as external users or, in the near future, things. Create one security strategy built on a risk analysis to align countermeasures and avoid point investments: Currently, security in many organizations is distributed across various siloes such as network infrastructure, client management, or IAM/IAG. Move towards a consistent Information Security organization which defines and executes a coherent strategy, avoiding point investments in siloes but spending the money focusing on mitigation of the most severe risks. Evaluate and invest in Secure Information Sharing: Address the challenges at the core, which is the information asset that needs to be protected. Secure Information Sharing is mature enough now to be used on a broad scale. Evaluate the current state of the market and start using Secure Information Sharing technologies as a central element within your Information Security strategy. Don t rely on firewalls only: They are only baseline protection. Firewalls will remain relevant, in the context of Real-Time Security Intelligence and as a first line of defense. However, firewalls are by far not sufficient, and they are neither the only nor the most important element to think about when redefining your Information Security strategy. Define your Enterprise Mobility Strategy and combine it with Secure Information Sharing: Everything goes mobile these days. Define your enterprise mobility strategy in a way that is ready to deal with any type of today s and future mobile devices and users. However, put your emphasis on information protection, not on device protection. Thus, combining this strategy with what you do in Secure Information Sharing is highly recommended. Notably, Enterprise Mobility and Mobile Security must never be defined in a siloed approach, but become part of the one overall security strategy. Page 27 of 29
28 Include Information Security in Enterprise GRC and C-level dashboards: The C-level attention for digital risks and security has grown massively. Now is the time to show the changes in threats and risks to the C-level, by integrating into existing or new Enterprise GRC tools. This ensures that attention remains high and will show progress on projects that mitigate such risks. The biggest challenge therein however might be that still a number of these tools do not integrate well with automated and manual IT GRC and thus Information Security controls. Thus, vendor selection has to be performed carefully. Not only the attacks are changing, but also the countermeasures have to change. This appears to be on the agenda of many companies today. Focusing on integrated approaches that address prevention, detection, and response in a comprehensive manner is key to success in these days of ever-increasing cyber-attacks. However, all technical countermeasures must be grounded in a well thought-out Information Security strategy and risk analysis. 5 Copyright 2015 Kuppinger Cole Ltd. All rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. Page 28 of 29
29 The Future of Information Security Today KuppingerCole supports IT professionals with outstanding expertise in defining IT strategies and in relevant decision making processes. As a leading analyst company KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business. KuppingerCole, founded in 2004, is a leading Europe-based analyst company for identity focused information security, both in classical and in cloud environments. KuppingerCole stands for expertise, thought leadership, and a vendor-neutral view on these information security market segments, covering all relevant aspects like Identity and Access Management (IAM), Governance, Risk Management and Compliance (GRC), IT Risk Management, Authentication and Authorization, Single Sign-On, Federation, User Centric Identity Management, eid cards, Cloud Security and Management, and Virtualization. For further information, please contact clients@kuppingercole.com Kuppinger Cole Ltd. Sonnenberger Strasse Wiesbaden Germany Powered by TCPDF ( Phone +49 (211) Fax +49 (211)
EXECUTIVE VIEW. KuppingerCole Report
KuppingerCole Report EXECUTIVE VIEW by Martin Kuppinger August 2017 is a mature enterprise-class offering for Privilege Management, supporting the key areas of the market such as Shared Account and Privileged
More informationKuppingerCole Whitepaper. by Dave Kearns February 2013
KuppingerCole Whitepaper by Dave Kearns February 2013 KuppingerCole Whitepaper Using Information Stewardship within by Dave Kearns dk@kuppingercole.com February 2013 Content 1. Summary... 3 2. Good information
More informationEXECUTIVE VIEW. One Identity SafeGuard 2.0. KuppingerCole Report
KuppingerCole Report EXECUTIVE VIEW by Martin Kuppinger August 2017 One Identity SafeGuard 2.0 One Identity SafeGuard 2.0 is a re-architected, modular solution for Privilege Management, supporting both
More informationNEXT GENERATION SECURITY OPERATIONS CENTER
DTS SOLUTION NEXT GENERATION SECURITY OPERATIONS CENTER SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 - SUCCESS FACTORS SOC 2.0 - FUNCTIONAL COMPONENTS DTS SOLUTION SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 Protecting
More informationWHITEPAPER. Moving towards a holistic Cyber Risk Governance approach. KuppingerCole Report
KuppingerCole Report WHITEPAPER by Matthias Reinwarth October 2017 Moving towards a holistic Cyber Risk Governance The ongoing task of maintaining cyber security and risk governance, while providing evidence
More informationTHE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION
BREACH & ATTACK SIMULATION THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION Cymulate s cyber simulation platform allows you to test your security assumptions, identify possible security gaps and receive
More informationINTELLIGENCE DRIVEN GRC FOR SECURITY
INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to
More informationTHALES DATA THREAT REPORT
2018 THALES DATA THREAT REPORT Trends in Encryption and Data Security INDIA EDITION EXECUTIVE SUMMARY #2018DataThreat THE TOPLINE Rising risks for sensitive data in India In India, as in the rest of the
More informationSecurity in India: Enabling a New Connected Era
White Paper Security in India: Enabling a New Connected Era India s economy is growing rapidly, and the country is expanding its network infrastructure to support digitization. India s leapfrogging mobile
More informationSOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion
More informationThe State of Cybersecurity and Digital Trust 2016
The State of Cybersecurity and Digital Trust 2016 Identifying Cybersecurity Gaps to Rethink State of the Art Executive Summary Executive Summary While the advent of digital technology has fueled new business
More informationSYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security
SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it
More informationWHITE PAPER. Meeting GDPR Challenges with Delphix. KuppingerCole Report
KuppingerCole Report WHITE PAPER by Mike Small December 2017 GDPR introduces stringent controls over the processing of PII relating to people resident in the EU with high penalties for non-compliance.
More informationBuilding a Threat Intelligence Program
WHITE PAPER Building a Threat Intelligence Program Research findings on best practices and impact www. Building a Threat Intelligence Program 2 Methodology FIELD DATES: March 30th - April 4th 2018 351
More informationState of Cloud Survey GERMANY FINDINGS
2011 State of Cloud Survey GERMANY FINDINGS CONTENTS Executive Summary... 4 Methodology... 6 Finding 1: Cloud security is top goal and top concern.................................. 8 Finding 2: IT staff
More informationTHE STATE OF CLOUD & DATA PROTECTION 2018
THE STATE OF CLOUD & DATA PROTECTION 2018 Survey Results: 10 Findings on how over 800 IT Pros handle Disaster Recovery & Cloud Adoption. INTRODUCTION The Unitrends 2018 annual survey of IT professionals
More informationSpotlight Report. Information Security. Presented by. Group Partner
Cloud SecuriTY Spotlight Report Group Partner Information Security Presented by OVERVIEW Key FINDINGS Public cloud apps like Office 365 and Salesforce have become a dominant, driving force for change in
More informationBest wishes for 2018! Bryan Ware, CEO. Haystax Technology INSIDER THREAT PREDICTIONS FOR
See our insider threat predictions for 2018 based on data from nearly 1,500 companies that participated in a multi-year research study on insider attacks. This is the season for predictions, the time when
More informationFundamental Shift: A LOOK INSIDE THE RISING ROLE OF IT IN PHYSICAL ACCESS CONTROL
Fundamental Shift: A LOOK INSIDE THE RISING ROLE OF IT IN PHYSICAL ACCESS CONTROL Shifting budgets and responsibilities require IT and physical security teams to consider fundamental change in day-to-day
More informationHow to Optimize Cyber Defenses through Risk-Based Governance. Steven Minsky CEO of LogicManager & Author of the RIMS Risk Maturity Model
How to Optimize Cyber Defenses through Risk-Based Governance Steven Minsky CEO of LogicManager & Author of the RIMS Risk Maturity Model The Goal: Risk-Based Operationalization Incident Management IT/IS
More informationKey Findings from the Global State of Information Security Survey 2017 Indonesian Insights
www.pwc.com/id Key Findings from the State of Information Security Survey 2017 n Insights Key Findings from the State of Information Security Survey 2017 n Insights By now, the numbers have become numbing.
More informationSecurity for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape
White Paper Security for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape Financial services organizations have a unique relationship with technology: electronic data and transactions
More informationIBM Security Systems. IBM X-Force 2012 & CISO Survey. Cyber Security Threat Landscape IBM Corporation IBM Corporation
IBM X-Force 2012 & CISO Survey Cyber Security Threat Landscape 1 2012 IBM Corporation IBM X-Force 2011 Trend and Risk Report Highlights The mission of the IBM X-Force research and development team is to:
More informationRun the business. Not the risks.
Run the business. Not the risks. RISK-RESILIENCE FOR THE DIGITAL BUSINESS Cyber-attacks are a known risk to business. Today, with enterprises becoming pervasively digital, these risks have grown multifold.
More informationSTOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions.
Intelligence-driven security STOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions. BETTER INTELLIGENCE. BETTER DEFENSE. The
More informationDIGITAL TRANSFORMATION IN FINANCIAL SERVICES
DIGITAL TRANSFORMATION IN FINANCIAL SERVICES Global Priorities, Progress, and Obstacles Insights from business and IT executives at financial services institutions worldwide reveal that while digital transformation
More informationEvolution of IT in the Finance Industry. Europe
2011 Evolution of IT in the Finance Industry Europe CONTENTS Evolution of IT in the Finance Industry... 4 Methodology... 6 Focus... 8 Finding 1: Finance Industry Has Mature View on IT Trends...10 Finding
More informationTHE CYBERSECURITY LITERACY CONFIDENCE GAP
CONFIDENCE: SECURED WHITE PAPER THE CYBERSECURITY LITERACY CONFIDENCE GAP ADVANCED THREAT PROTECTION, SECURITY AND COMPLIANCE Despite the fact that most organizations are more aware of cybersecurity risks
More informationTHE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY:
October Sponsored by Introduction Mobile devices cause ongoing concern for IT teams responsible for information security. Sensitive corporate information is easily transported outside of managed environments,
More informationFOR FINANCIAL SERVICES ORGANIZATIONS
RSA BUSINESS-DRIVEN SECURITYTM FOR FINANCIAL SERVICES ORGANIZATIONS MANAGING THE NEXUS OF RISK & SECURITY A CHANGING LANDSCAPE AND A NEW APPROACH Today s financial services technology landscape is increasingly
More informationThe Third Annual Study on the Cyber Resilient Organization
The Third Annual Study on the Cyber Resilient Organization Global Independently conducted by the Ponemon Institute Sponsored by IBM Resilient Publication Date: March 2018 Ponemon Institute Research Report
More informationGDPR COMPLIANCE REPORT
2018 GDPR COMPLIANCE REPORT INTRODUCTION Effective as of May 25, 2018, the European Union General Data Protection Regulation (GDPR) represents the most sweeping change in data privacy regulation in decades.
More informationPONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY
PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY Benchmark research sponsored by Raytheon. Independently conducted by Ponemon Institute LLC. February 2018 2018 Study on
More informationTHALES DATA THREAT REPORT
2018 THALES DATA THREAT REPORT Trends in Encryption and Data Security U.S. FEDERAL EDITION EXECUTIVE SUMMARY #2018DataThreat THE TOPLINE Federal agency data is under siege. Over half of all agency IT security
More informationSecond International Barometer of Security in SMBs
1 2 Contents 1. Introduction. 3 2. Methodology.... 5 3. Details of the companies surveyed 6 4. Companies with security systems 10 5. Companies without security systems. 15 6. Infections and Internet threats.
More informationMapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective
Mapping Your Requirements to the NIST Cybersecurity Framework Industry Perspective 1 Quest has the solutions and services to help your organization identify, protect, detect, respond and recover, better
More informationKNOWLEDGE GAPS: AI AND MACHINE LEARNING IN CYBERSECURITY. Perspectives from U.S. and Japanese IT Professionals
KNOWLEDGE GAPS: AI AND MACHINE LEARNING IN CYBERSECURITY Perspectives from U.S. and ese IT Professionals Executive Summary The use of artificial intelligence (AI) and machine learning (ML) in cybersecurity
More informationThe power management skills gap
The power management skills gap Do you have the knowledge and expertise to keep energy flowing around your datacentre environment? A recent survey by Freeform Dynamics of 320 senior data centre professionals
More informationRSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief
RSA Solution Brief Managing Risk Within Advanced Security Operations RSA Solution Brief How do you advance your security operations function? Increasingly sophisticated security threats and the growing
More informationSECOPS: NAVIGATE THE NEW LANDSCAPE FOR PREVENTION, DETECTION AND RESPONSE
SESSION ID: SBX4W5 SECOPS: NAVIGATE THE NEW LANDSCAPE FOR PREVENTION, DETECTION AND RESPONSE Dara Such VP & Publisher, Security Networking and IoT TechTarget @darasuch What we ll cover today State of SecOps:
More information2 The IBM Data Governance Unified Process
2 The IBM Data Governance Unified Process The benefits of a commitment to a comprehensive enterprise Data Governance initiative are many and varied, and so are the challenges to achieving strong Data Governance.
More informationTechnology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited
Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry
More information2018 Trends in Hosting & Cloud Managed Services
PREVIEW 2018 Trends in Hosting & Cloud Managed Services DEC 2017 Rory Duncan, Research Director, Managed Services & Hosting Penny Jones, Principal Analyst - MTDC & Managed Services Aaron Sherrill, Senior
More information9 TH SOUTHERN INDIA INFORMATION TECHNOLOGY FAIR (SIITF) THEME : EMERGING TECHNOLOGIES TO CREATE NEWER MARKETS
9 TH SOUTHERN INDIA INFORMATION TECHNOLOGY FAIR (SIITF) THEME : EMERGING TECHNOLOGIES TO CREATE NEWER MARKETS INTRODUCTION Today s business environment is global and highly-interconnected, increasing an
More informationSecurity-as-a-Service: The Future of Security Management
Security-as-a-Service: The Future of Security Management EVERY SINGLE ATTACK THAT AN ORGANISATION EXPERIENCES IS EITHER ON AN ENDPOINT OR HEADING THERE 65% of CEOs say their risk management approach is
More informationFTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.
FTA 2017 SEATTLE Cybersecurity and the State Tax Threat Environment 1 Agenda Cybersecurity Trends By the Numbers Attack Trends Defensive Trends State and Local Intelligence What Can You Do? 2 2016: Who
More informationCYBER SECURITY FOR BUSINESS COUNTING THE COSTS, FINDING THE VALUE
CYBER SECURITY FOR BUSINESS COUNTING THE COSTS, FINDING THE VALUE Business has always looked to squeeze the maximum possible benefit out of IT resources at the lowest possible cost but measuring return
More information2017 THALES DATA THREAT REPORT
2017 THALES DATA THREAT REPORT Trends in Encryption and Data Security FINANCIAL SERVICES EDITION www.thales-esecurity.com 2017 THALES DATA THREAT REPORT TRENDS IN ENCRYPTION AND DATA PROTECTION U.S. U.K.
More informationUsing Threat Analytics to Protect Privileged Access and Prevent Breaches
Using Threat Analytics to Protect Privileged Access and Prevent Breaches Under Attack Protecting privileged access and preventing breaches remains an urgent concern for companies of all sizes. Attackers
More informationDDoS: STRATEGIES FOR DEALING WITH A GROWING THREAT
DDoS: STRATEGIES FOR DEALING WITH A GROWING THREAT 01. EXECUTIVE SUMMARY This report summarizes recent research on distributed denial of service (DDoS) attacks, which looks at data collated recently and
More informationRIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015
www.pwc.com RIMS Perk Session 2015 - Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015 Los Angeles RIMS Agenda Introductions What is Cybersecurity? Crown jewels The bad
More informationSecure & Unified Identity
Secure & Unified Identity for End & Privileged Users Copyright 2015 Centrify Corporation. All Rights Reserved. 1 Key Point #1: Perimeter is Dissolving Making Identity Matter Most You must plant a strong
More informationBig data privacy in Australia
Five-article series Big data privacy in Australia Three actions you can take towards compliance Article 5 Big data and privacy Three actions you can take towards compliance There are three actions that
More informationDDoS MITIGATION BEST PRACTICES
DDoS MITIGATION BEST PRACTICES DDoS ATTACKS ARE INCREASING EXPONENTIALLY Organizations are becoming increasingly aware of the threat that Distributed Denial of Service (DDoS) attacks can pose. According
More informationMOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner
MOBILE SECURITY 2017 SPOTLIGHT REPORT Group Partner Information Security PRESENTED BY OVERVIEW Security and privacy risks are on the rise with the proliferation of mobile devices and their increasing use
More informationDDOS DETECTION AND RESPONSE TRENDS IN THE ENTERPRISE: AN IANS CUSTOM REPORT
DDOS DETECTION AND RESPONSE TRENDS IN THE ENTERPRISE: AN IANS CUSTOM REPORT SEPTEMBER 2014 COMMISSIONED BY: Contents Contents... 2 Introduction... 3 About the Survey and Respondents... 3 The Current State
More informationto Enhance Your Cyber Security Needs
Our Service to Enhance Your Cyber Security Needs Since the business critical systems by its nature are ON all of the time and the increasingly connected world makes you open your organization to everything
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationCredit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank
Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank Introduction The 6,331 credit unions in the United States face a unique challenge when it comes to cybersecurity.
More informationWhat can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco
What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco Increasing Digital Traffic Creates a Greater Attack Surface Global IP Traffic
More informationUser Survey Analysis: Next Steps for Server Virtualization in the Midmarket
User Survey Analysis: Next Steps for Server Virtualization in the Midmarket Gartner RAS Core Research Note G00207375, James A. Browning, Alan Dayley, 21 October 2010, RV2A411012011 Approximately 30% of
More informationNEXT-GENERATION DATACENTER MANAGEMENT
NEXT-GENERATION DATACENTER MANAGEMENT From DCIM to DCSO Sometimes described as the operating or ERP system for the datacenter, datacenter infrastructure management (DCIM) is a technology that helps operators
More informationImperva Incapsula Survey: What DDoS Attacks Really Cost Businesses
Survey Imperva Incapsula Survey: What DDoS Attacks Really Cost Businesses BY: TIM MATTHEWS 2016, Imperva, Inc. All rights reserved. Imperva and the Imperva logo are trademarks of Imperva, Inc. Contents
More informationEmerging Technologies The risks they pose to your organisations
Emerging Technologies The risks they pose to your organisations 10 June 2016 Digital trends are fundamentally changing the way that customers behave and companies operate Mobile Connecting people and things
More informationUnderstanding Persistent Connectivity: How IoT and Data Will Impact the Connected Data Center
Understanding Persistent Connectivity: How IoT and Data Will Impact the Connected Data Center Speaker: Bill Kleyman, EVP of Digital Solutions - Switch AFCOM and Informa Writer/Contributor (@QuadStack)
More informationCyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS
Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS Continual disclosed and reported
More information10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS
10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND
More informationSecuring Digital Transformation
September 4, 2017 Securing Digital Transformation DXC Security Andreas Wuchner, CTO Security Innovation Risk surface is evolving and increasingly complex The adversary is highly innovative and sophisticated
More informationServices solutions for Managed Service Providers (MSPs)
McAfee Advanced Threat Defense Services solutions for Managed Service Providers (MSPs) Differentiate your services and protect customers against zero-day attacks with the industry s most comprehensive
More informationGovernance Ideas Exchange
www.pwc.com.au Anatomy of a Hack Governance Ideas Exchange Robert Di Pietro October 2018 Cyber Security Anatomy of a Hack Cyber Security Introduction Who are the bad guys? Profiling the victim Insights
More informationThe data quality trends report
Report The 2015 email data quality trends report How organizations today are managing and using email Table of contents: Summary...1 Research methodology...1 Key findings...2 Email collection and database
More informationKaspersky Security. The Power to Protect Your Organization
Kaspersky Security SOLUTIONS The Power to Protect Your Organization We believe that every organization from the smallest business to the largest corporation or government body should feel empowered to
More informationThe 2017 State of Endpoint Security Risk
The 2017 State of Endpoint Security Risk Attacks are evolving. As a result, today s organizations are struggling to secure their endpoints, and paying a steep cost for each successful attack. To discover
More informationPanda Security 2010 Page 1
Panda Security 2010 Page 1 Executive Summary The malware economy is flourishing and affecting both consumers and businesses of all sizes. The reality is that cybercrime is growing exponentially in frequency
More informationMoving Workloads to the Public Cloud? Don t Forget About Security.
Whitepaper Moving Workloads to the Public Cloud? Don t Forget About Security. Key considerations for developing a cloud-ready cybersecurity strategy Introduction For many organizations today, it s not
More information2017 Trends in Security Metrics and Security Assurance Measurement Report A Survey of IT Security Professionals
2017 Trends in Security Metrics and Security Assurance Measurement Report A Survey of IT Security Professionals Sponsored by Contents Introduction....3 Key Takeaways from the 2017 Report:....3 Security
More informationCyber Security. June 2015
Cyber Security June 2015 Table of contents Section Pages Introduction and methodology 3 Key findings 4 Respondent profile 5-9 Cyber security practices 10-25 Resources for monitoring cyber security events
More informationCYBERSECURITY AND THE MIDDLE MARKET
CYBERSECURITY AND THE MIDDLE MARKET The Importance of Cybersecurity and How Middle Market Companies Manage Cyber Risks IN COLLABORATION WITH 2 Concerns about cybersecurity are not matched by plans. IMPORTANCE
More informationACHIEVING FIFTH GENERATION CYBER SECURITY
ACHIEVING FIFTH GENERATION CYBER SECURITY A Survey Research Report of IT and Security Professionals MARCH 2018 INTRODUCTION The pursuit of the highest level of cyber security is a top priority for IT and
More informationGood Technology State of BYOD Report
Good Technology State of BYOD Report New data finds Finance and Healthcare industries dominate BYOD picture and that users are willing to pay device and service plan costs if they can use their own devices
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationCyber Security. It s not just about technology. May 2017
Cyber Security It s not just about technology May 2017 Introduction The Internet has opened a new frontier in warfare: everything is networked and anything networked can be hacked. - World Economic Forum
More informationSecurity Information & Event Management (SIEM)
Security Information & Event Management (SIEM) Datasheet SIEM in a nutshell The variety of cyber-attacks is extraordinarily large. Phishing, DDoS attacks in combination with ransomware demanding bitcoins
More informationTowards a cyber governance maturity model for boards of directors
Towards a cyber governance maturity model for boards of directors Professor Basie von Solms Centre for Cyber Security University of Johannesburg Johannesburg, South Africa Keywords Cyber Security, Boards,
More informationIncentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO
White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating
More informationGLOBAL ENCRYPTION TRENDS STUDY
GLOBAL ENCRYPTION TRENDS STUDY April 2017 EXECUTIVE SUMMARY EXECUTIVE SUMMARY Ponemon Institute is pleased to present the findings of the 2017 Global Encryption Trends Study, sponsored by Thales e-security.
More informationHow to ensure control and security when moving to SaaS/cloud applications
How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk
More informationWeb Services Take Root in Banks and With Asset Managers
Strategic Planning, M. Knox, W. Andrews, C. Abrams Research Note 18 December 2003 Web Services Take Root in Banks and With Asset Managers Financial-services providers' early Web services implementations
More informationRSA INCIDENT RESPONSE SERVICES
RSA INCIDENT RESPONSE SERVICES Enabling early detection and rapid response EXECUTIVE SUMMARY Technical forensic analysis services RSA Incident Response services are for organizations that need rapid access
More informationCYBERBIT P r o t e c t i n g a n e w D i m e n s i o n
CYBERBIT P r o t e c t i n g a n e w D i m e n s i o n CYBETBIT in a Nutshell A leader in the development and integration of Cyber Security Solutions A main provider of Cyber Security solutions for the
More informationBest practices in IT security co-management
Best practices in IT security co-management How to leverage a meaningful security partnership to advance business goals Whitepaper Make Security Possible Table of Contents The rise of co-management...3
More informationRSA Cybersecurity Poverty Index
RSA Cybersecurity Poverty Index 2016 RSA Cybersecurity Poverty Index Overview Welcome to RSA s second annual Cybersecurity Poverty Index. The RSA Cybersecurity Poverty Index is the result of an annual
More informationCybersecurity and the Board of Directors
Cybersecurity and the Board of Directors Key Findings from BITS/FSR Meetings OVERVIEW Board directors are increasingly required to engage in cybersecurity risk management yet some may need better education
More informationCybersecurity 2016 Survey Summary Report of Survey Results
Introduction In 2016, the International City/County Management Association (ICMA), in partnership with the University of Maryland, Baltimore County (UMBC), conducted a survey to better understand local
More informationTop 10 most important IT priorities over the next 12 months. (Percent of respondents, N=633, ten responses accepted)
ESG Lab Review Sophos Security Heartbeat Date: January 2016 Author: Tony Palmer, Sr. ESG Lab Analyst; and Jack Poller, ESG Lab Analyst Abstract: This report examines the key attributes of Sophos synchronized
More informationARC VIEW. Critical Industries Need Continuous ICS Security Monitoring. Keywords. Summary. By Sid Snitkin
ARC VIEW FEBRUARY 1, 2018 Critical Industries Need Continuous ICS Security Monitoring By Sid Snitkin Keywords Anomaly and Breach Detection, Continuous ICS Security Monitoring, Nozomi Networks Summary Most
More informationTo Audit Your IAM Program
Top Five Reasons To Audit Your IAM Program Best-in-class organizations are auditing their IAM programs - are you? focal-point.com Introduction Stolen credentials are the bread and butter of today s hacker.
More informationAs Enterprise Mobility Usage Escalates, So Does Security Risk
YOUR SECURITY. CONNECTED WHITE PAPER As Enterprise Mobility Usage Escalates, So Does Security Risk Even as more organizations embrace the use of mobile devices by employees and customers to access services
More informationRSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE
WHITEPAPER RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE CONTENTS Executive Summary........................................ 3 Transforming How We Think About Security.......................... 4 Assessing
More informationCyber-Threats and Countermeasures in Financial Sector
Michael Mavroforakis, PhD Group CISO & CDO SEV: Workshop on Digital Enablers (Cloud & Cybersecurity) 27th March 2018 Agenda: CYBERSECURITY Potential Targets Attack Examples Insider vs Outsider Threats
More information