IT Security: Managing a New Reality

Similar documents
CLOSING IN FEDERAL ENDPOINT SECURITY

Sales Presentation Case 2018 Dell EMC

Securing Digital Transformation

Gartner Mid Market Trends- Featured at MES #MES17

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

THALES DATA THREAT REPORT

Transforming your network for the digital economy

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

Gaps in Resources, Risk and Visibility Weaken Cybersecurity Posture

THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY:

Optimisation drives digital transformation

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Strategies for a Successful Security and Digital Transformation

Predictive Insight, Automation and Expertise Drive Added Value for Managed Services

CYBERSECURITY RESILIENCE

Hybrid IT for SMBs. HPE addressing SMB and channel partner Hybrid IT demands ANALYST ANURAG AGRAWAL REPORT : HPE. October 2018

RED HAT ENTERPRISE LINUX. STANDARDIZE & SAVE.

Cisco Start. IT solutions designed to propel your business

BULLETPROOF365 SECURING YOUR IT. Bulletproof365.com

MOBILE SECURITY, SECURE ACCESS AND BYOD AS A SERVICE. Jonas Gyllenhammar NNTF 2012

epldt Cloud Services 4 th National ICT Summit National ICT Confederation of the Philippines (NICP) GENSAN, November 4-6, 2011 Sonny Valdez CTO, epldt

Defensible and Beyond

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

BULLETPROOF365 SECURING YOUR IT. Bulletproof365.com

ACHIEVING FIFTH GENERATION CYBER SECURITY

Healthcare IT Modernization and the Adoption of Hybrid Cloud

Data Protection Everywhere

CYBER SECURITY FOR BUSINESS COUNTING THE COSTS, FINDING THE VALUE

Evolution For Enterprises In A Cloud World

What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco

The Modern SOC and NOC

Converged Cloud and Digital Transformation: A Strategy for Business Success

From Managed Security Services to the next evolution of CyberSoc Services

SECOPS: NAVIGATE THE NEW LANDSCAPE FOR PREVENTION, DETECTION AND RESPONSE

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

ForeScout Extended Module for Splunk

Cyber Resilience. Think18. Felicity March IBM Corporation

Odin. SMB Cloud InsightsTM GERMANY

CASE STUDY: USING THE HYBRID CLOUD TO INCREASE CORPORATE VALUE AND ADAPT TO COMPETITIVE WORLD TRENDS

MOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner

HOSTED SECURITY SERVICES

Building a Threat Intelligence Program

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

How will cyber risk management affect tomorrow's business?

The New Normal. Unique Challenges When Monitoring Hybrid Cloud Environments

1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7

CyberEdge Group 2018 Cyberthreat Defense Report

What It Takes to be a CISO in 2017

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

Cloud-Enable Your District s Network For Digital Learning

Rethink Enterprise Endpoint Security In The Cloud Computing Era

Cybersecurity The Evolving Landscape

Outsourcing & remote teams: cyber security vulnerabilities

SentryWire Next generation packet capture and network security.

SentryWire Next generation packet capture and network security.

INTRODUCTION. We would like to thank HelpSystems for supporting this unique research. We hope you will enjoy the report.

Fundamental Shift: A LOOK INSIDE THE RISING ROLE OF IT IN PHYSICAL ACCESS CONTROL

Modern Database Architectures Demand Modern Data Security Measures

2018 GLOBAL CHANNEL PARTNER SURVEY THYCOTIC CHANNEL PARTNER SURVEY REPORT

A Global Look at IT Audit Best Practices

Odin. SMB Cloud InsightsTM CANADA

Market Trends in Public Cloud Storage

THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY:

The Future of Network Infrastructure & Management

SECURITY REDEFINED. Managing risk and securing the business in the age of the third platform. Copyright 2014 EMC Corporation. All rights reserved.

85% 89% 10/5/2018. Do You Have A Firewall Around Your Cloud? Conquering The Big Threats & Challenges

CLOUD COMPUTING PRIMER

IPMA State of Washington. Disaster Recovery in. State and Local. Governments

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

THE IMPLICATIONS OF PERFORMANCE, SECURITY, AND RESOURCE CONSTRAINTS IN DIGITAL TRANSFORMATION

Simplifying Endpoint Management and Security For an Evolving and Complex Mobile Workforce

Are You Protected. Get Ahead of the Curve

2017 Riverbed Technology. All rights reserved.

Incident Response Lessons From the Front Lines. Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles

MOVING MISSION IT SERVICES TO THE CLOUD

SD-WAN. Enabling the Enterprise to Overcome Barriers to Digital Transformation. An IDC InfoBrief Sponsored by Comcast

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

IBM Security Systems. IBM X-Force 2012 & CISO Survey. Cyber Security Threat Landscape IBM Corporation IBM Corporation

State Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017

FOR FINANCIAL SERVICES ORGANIZATIONS

Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey

Best Practices in Healthcare Risk Management. Balancing Frameworks/Compliance and Practical Security

WHITEPAPER. How to secure your Post-perimeter world

Run the business. Not the risks.

KEDAYAM A KAAPAGAM MANAGED SECURITY SERVICES. Kaapagam Technologies Sdn. Bhd. ( T)

CLEARING THE PATH: PREVENTING THE BLOCKS TO CYBERSECURITY IN BUSINESS

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

BYOD. Transformation. Joe Leonard Director, Secure Networks. April 3, 2013

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

How to master hybrid IT. Get the speed and agility you want, with the visibility and control you need

NEN The Education Network

SGS CYBER SECURITY GROWTH OPPORTUNITIES

10 Cloud Myths Demystified

Why Enterprises Need to Optimize Their Data Centers

Unlocking Office 365 without a password. How to Secure Access to Your Business Information in the Cloud without needing to remember another password.

Danish Cloud Maturity Survey 2018

SMB Cloud InsightsTM

A Guide to Closing All Potential VDI Security Gaps

Go mobile. Stay in control.

Innovate or die!? Modern IT Workplace Security. Alex Verboon Cyber Security Consultant

Transcription:

IT Security: Managing a New Reality Kevin Lonergan #IDCDirections IDC

You re Only as Strong as Your Weakest Link Locks Only Work if you Know How to Use Them IDC 2

Millions Canadian Security Market Forecast: 2017-2022 Key Trends Canadian organizations are currently spending 10% of their IT budget on security Cloud and DX reshaping market opportunities MSS leading growth of services as firms struggle with 24x7 monitoring and skills availability Subscription based solutions continue to evolve IDC 3

Big Cybersecurity Numbers Across Canada Attacks (known) Breaches (known) Days of downtime Records exposed Average attacks per year Average cost per breach 83,000,000 nationwide 2,600,000 nationwide 813,000 nationwide 100,000,000 nationwide 455 / organization $3,700,000 / organization Mega breaches exposing millions of records make headlines. But attackers will settle for dozens of records, from a breach of smaller organization. Results from the 2018 Scalar Study conducted by IDC Canada IDC 4

The Truth About the Canadian SMB 2.4% 23% 27% 51% Market Breakdown The 1800 enterprise organizations make up over 50% of IT spend. Midmarket organizations represent 2.4% of the market and represent 44% of IT spend Large 1000+ Medium 100-999 Small <100 97.6% 50% 44% The vast majority of Canadian organizations have less than 100 employees. 97.6% of organizations fall into this category, employing 50% of the Canadian workforce, but only generating 6% of overall IT spend 6% % Total Biz Count % All Employees % IT Spend IDC 5

What Are We Protecting? Data Classification IT Assets by Organization Size Public, 28% Proprietary, 36% Top Secret, 36% TBs of Storage Servers Mobile Devices Average Number of Breaches per Year Small: 8 breaches Midmarket: 9 breaches Enterprise: 11 breaches PCs/Laptops 0 1,000 2,000 3,000 4,000 5,000 6,000 7,000 Total Small Midmarket Enterprise Results from the 2018 Scalar Study conducted by IDC Canada IDC 6

How Long Before Knowing a Breach Happened Length of time security consultants and vendors say it takes the average Canadian organization to detect a breach Thanks Folks! Within hours 5% Within a week 34% Within a month 18% Within a year 31% A year or more 12% Oh, Canada IDC 7

10 Key Areas to Protect: Target Scalar Study Finding Comments Employee 26% trained to identify attacks / 59% learn care for sensitive data Train employees on tools, attacks, updating, care of data PC 30% left exposed for weeks after patch release Keep m updated Smartphone 28% concerned about mobile threats Doing an OK job, but increase awareness of new threats Sensor / IoT 37% concerned w/ IoT security This will get worse Messaging 58% see high value in email security solutions Lots of focus has paid off Web 89% admit slow patching/updating Horrible! At least patch/update Server 86% admit slow patching/updating Importance of pen tests/vuln assessment Network 61% finding good satisfaction with NGFW Don t rely on basic tech, Upgrade to better analytics IaaS/PaaS 66% left exposed for MONTHS This will get worse too. Treat cloud like on-prem Partners 26% have comprehensive knowledge of partner security Try to learn more about your partners security posture Results from the 2018 Scalar Study conducted by IDC Canada IDC 8

Probability How Canadian Organizations View Their Attack Surfaces 2018 2017 Employee Social Media Smartphone Removable Media Email Laptop PC Wifi Web Apps Public Cloud Wired Network Server Sensors / IoT Impact IDC 9

Critical Roadblocks to Improving Security Rank Top 5 Security Roadblocks 1 Budget 2 Employee knowledge 3 New and changing threats 4 Lack leadership 5 Lack policy Who Needs the Rank Most Training? 1 IT Staff 2 Operations Staff 3 Sales Staff % employees trained in email and web security in the last 12 months: <25% 25%-49% 50%-74% >75% 54% 8% 10% 23% Employees lack of knowledge regarding security is a top roadblock cited by Canadian firms, yet there is limited training happening! Majority of workers receive little to no training. Half of Canadian organizations admit that their IT security habits need improvement, including training IDC 10

Proportion of Security Spend by Product Type Messaging 5% Network 39% Web 9% Cloud 17% SVM 14% IAM 16% Mobile Server 3% 4% PCs 10% On Premise 83% IDC 11

Security Technology Growth, 2018 IDC 84

Canadian Cybersecurity Focus, 2018 $418M 9.2% $2.1B 7.1% $300M 16.3% $47M 18.9% Size Growth Size Growth Size Growth Size Growth Identify Protect Detect Respond / Recover Canadian Market Trends weaknesses & priorities data & uptime attacks & breaches thoroughly & quickly Focus on risk mgmt., grows as attack surfaces expands across digital. DPA and GDPR drive spend in 2018. Analytics, integrated edge, securing IaaS / PaaS is evolving the market Majority of spend is still on traditional perimeter security. ML/AI improving threat intel. MSSPs differentiated by maturity level. Critical: attackers on Cdn networks for months before detection. Larger/targeted attacks drive planning and recovery spend. Shared responsibility w/ cloud providers adds complexity and activity. NIST: https://www.nist.gov/cyberframework IDC 13

Security Product Market Remains Fragmented Number of IT Security Vendors Used by Canadian Organizations 30% 25% 20% 15% 10% The security product market remains fragmented with organizations implementing point solutions for different vendors Almost 1/3 of organizations state using different vendors for all security products. 5% 0% 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 15+ Number of Vendors 14

A Network Admin s Typical Work Week Troubleshooting Configuration Updates / Provision Security Traffic optimization Network admins are spending more time on security than they were a few years ago. IDC 15

Reasons for Migrating to Managed Security Services Staff knowledge of security threats 42% Staffing concerns are top drivers for MSS adoption in 2018. Organizations struggle to find qualified professionals for 24x7 monitoring and management Staff availability/constraints Staff recruiting (e.g., unable to find security professionals) Security isn't core to our business Less expensive than delivering ourselves Staff retention 40% 36% 35% 29% 24% Don t have the proper technology in-house 10% Sample Size = 211 QMS02: Why is/would your organization select managed security services? IDC 16

The Growing Desire in Canada for 3rd Party to Take on Security Next 3 Years 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% 11% 8% 14% 15% 19% 20% 11% 16% 27% 28% 16% 26% 24% 27% 24% 23% 78% 75% 70% 60% 57% 52% 49% 49% Server Network Endpoint SVM IAM Mobile Web Messaging On-premise Managed by MSSP Cloud/SaaS The move is on to bring in outside help to shore up defenses across the attack surface. Firms layer inside resources with external providers IDC 17

IDC Recommendations 1 Be a leader. A lack of leadership is a top 5 roadblock for improving cyber security. Organizations with strong leadership experience 25% less breaches 2 Have a risk plan. Spend the time to create a cyber security risk plan. Organizations with a risk plan experience a significant reduction in security breaches 3 Revisit BYOD. Make sure you have proper policies in place to secure BYOD devices. Telcos and MSSPs can t enforce security policies on personal devices without written consent from the employee. As a general rule personal devices shouldn t have access to the enterprise network, use guest instead 4 Do the basics. Train Staff and patch faster. Canadian organizations are still slow to patch their infrastructure and endpoints. No one wants to be the next Equifax 5 Have an incident response plan. Your organization will experience a breach. Having a incident response plan allows you to act quicker saving time and money IDC 18

For More Information Kevin Lonergan klonergan@idccanada.com Twitter https://twitter.com/@idccanada LinkedIn https://www.linkedin.com/company/idc-canada www.idc.com/ca IDC 19

Thank you! IDC 20

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback