2018 THALES DATA THREAT REPORT

Transcription

1 2018 THALES DATA THREAT REPORT Trends in Encryption and Data Security U.S. HEALTHCARE EDITION

2 2018 THALES DATA THREAT REPORT NOW IN ITS SIXTH YEAR SWEDEN NETHERLANDS U.S. U.K. GERMANY KOREA JAPAN INDIA Copyright 2018 Thales 1,200+ SENIOR IT SECURITY EXECUTIVES SURVEYED GLOBALLY 500 U.S. TOTAL 100 U.S. HEALTHCARE 100 GLOBAL HEALTHCARE

3 HEALTHCARE DATA SECURITY CODE RED BREACHED EVER BREACHED IN THE LAST YEAR 77% More than 3 out of 4 large U.S. healthcare organizations have now been breached. The highest of any vertical we measured 2.5 x Rates of breaches in the last year at federal agencies are up 2.5x from 2016 in this year s results BREACHED. AGAIN! breached both in the last year and previously

4 HEALTHCARE FEELING VULNERABLE TO DATA THREATS More than three-fourths (77%) of U.S. healthcare respondents reported at least one breach at some time in the past - the highest among all U.S. verticals. Garrett Bekker Principal Analyst for Information Security, 451 Research Author of the 2018 Thales Data Threat Report

5 HEALTHCARE ORGANIZATIONS ARE RESPONDING INCREASING SPENDING RATES OF MUCH HIGHER SPENDING Healthcare IT Security spending increases. Rates of Much Higher spending increases by year % 22% 14% IMPLEMENTING DATA SECURITY TOOLS Implementing now, or planning to implement these top tools for protecting sensitive data in % Data masking 60% Identity and access management 59% Database and file encryption 57% Encryption in the cloud

6 BUT HOW EFFECTIVE WILL THAT INCREASED SPENDING BE? U.S. HEALTHCARE PLANS TO SPEND THE MOST ON SECURITY FOR ENDPOINT AND MOBILE DEVICES, DESPITE RANKING THESE AS LEAST EFFECTIVE. Garrett Bekker Principal Analyst for Information Security, 451 Research Least effective but highest spending increase Spending Increase Highly effective but lowest spending increase Rated Effective

7 DIGITAL HEALTHCARE INITIATIVES INCREASE RISK FOR DATA New environments require new approaches to protecting citizen data, government secrets and other sensitive information 95% use digital transformation technologies with sensitive data (cloud, big data, IoT, containers, blockchain and mobile payments) MASSIVE ADOPTION COMPOUNDS THE PROBLEM Cloud Big Data IoT Blockchain Mobile Paymts 100% 96% 92% 92% 90%

8 DEPLOYING SENSITIVE DATA TO THE CLOUD Multi-cloud usage compounds the problem 63% using 3 or more IaaS or PaaS providers using 3 or more 52% PaaS providers 48% Using more than 50 SaaS applications, where data is inherently harder to control CONCERNS ARE HIGH (rates of very/extremely concerned) Managing Encryption Keys across multiple cloud environments 78% AND RATES OF ENCRYPTION USAGE TODAY ARE LOW Increased vulnerabilities 75% Meeting compliance requirements Control over the location of data 75% 74% Only 32% using encryption in the cloud today Data may be at risk if their cloud vendor fails or is acquired 73%

9 CONTROLLING DATA IN THE CLOUD HEALTHCARE GETS IT CONTROL THE KEYS TO CONTROL THE DATA 48% Local control of encryption keys Local control of cloud 29% encryption keys Control of sensitive data protected with encryption hinges on control of the encryption keys The healthcare vertical has emerged as a prime target for hackers. While a stolen credit card has a time-limited value (the card number can be changed), PHI and electronic medical records (EMR) are stuffed with immutable data that can and do fetch hundreds of dollars per stolen record on illegal online markets. Garrett Bekker Principal Analyst for Information Security, 451 Research Author of the 2018 Thales Data Threat Report

10 HEALTHCARE ADOPTION OF BIG DATA IS HIGH SENSITIVE DATA USE COMPOUNDS PROBLEMS 96% now use big data 38% are using sensitive data within big data environments today Top concerns for sensitive data within big data environments What s needed to speed Big Data adoption? Sensitive data may reside anywhere within the environment Privacy violations 35% 28% 35% 29% 28% 28% 25% Lack of effective access controls 27% Lack of native security frameworks Privileged users 26% 24% System level encryption and access controls Compliance certifications for big data Sensitive data discovery and classification Mask data by role within big data Improved monitoring and reporting tools

11 IOT IN HEALTHCARE ENCYRPTION REQUIRED Top IoT uses in healthcare 92% Using or planning to use IoT this year 45% 33% Medical Environmental 25% Scientific and Personal/Wearables Top concerns with IoT 25% 24% 23% 20% 20% 31% are using sensitive data with IoT applications Encryption a key tool enabling safe use of IoT Encryption establishes secure identity with digital birth certificates for IoT devices Encryption protects data-in-transit Encryption protects data on devices Encryption and access controls help organizations meet compliance requirements for back end data stores Protecting sensitive data generated by IoT Attacks on IoT devices Loss or theft of IoT devices Lack of security frameworks Lack of personnel skilled in IoT Security

12 ENCRYPTION A CRITICAL TOOL FOR PROTECTING SENSITIVE DATA Encryption tools are needed to drive digital healthcare initiatives 48% Cloud: Encryption is the top toolneeded for more cloud use 35% Big Data: System level encryption and access controls 49% IoT: Secure authentication (an encryption technology) a top tool need for more IoT adoption 31% Containers: Availability of encryption tools would increase adoption Good news In spite of low funding, most organizations are implementing or planning to implement data security tools this year

13 2018 THALES DATA THREAT REPORT Trends in Encryption and Data Security U.S. HEALTHCARE EDITION