GDPR drives compliance to top of security project list for 2018


REPORT REPRINT

GDPR drives compliance to top of security project list for 2018

DANIEL KENNEDY
4 OCT 2018

Compliance requirements vary from one industry to the next. The May Voice of the Enterprise, Information Security survey of 552 security professionals looks at the trends and factors affecting security teams and project prioritization.

THIS REPORT, LICENSED TO GIGAMON IT SOLUTIONS, DEVELOPED AND AS PROVIDED BY 451 RESEARCH, LLC, WAS PUBLISHED AS PART OF OUR SYNDICATED MARKET INSIGHT SUBSCRIPTION SERVICE. IT SHALL BE OWNED IN ITS ENTIRETY BY 451 RESEARCH, LLC. THIS REPORT IS SOLELY INTENDED FOR USE BY THE RECIPIENT AND MAY NOT BE REPRODUCED OR REPOSTED, IN WHOLE OR IN PART, BY THE RECIPIENT WITHOUT EXPRESS PERMISSION FROM 451 RESEARCH.

2018 451 Research, LLC
WWW.451RESEARCH.COM

Compliance requirements vary from one industry to the next. In an ideal world, it would be nice if compliance were simply the byproduct of a good security program, but things rarely work that perfectly; compliance and security each represent their own set of diverging requirements. The 2018 Voice of the Enterprise: Information Security, Workloads and Key Projects survey of 552 security professionals looks at the trends and factors affecting security teams and project prioritization.

THE 451 TAKE

The attention around the General Data Protection Regulation (GDPR), with its timelines for notification, new requirements for identity and privacy, and significant potential fines, has added to substantial industry requirements already present and pushed compliance requirements to the top of the list of pain points and security projects.

REPORT HIGHLIGHTS

Top pain points
While end-user behavior continues to be a top pain point for companies with fewer than 10,000 employees, respondents from very large organizations are struggling with cloud security.

Compliance jumps the queue
The EU enactment of the GDPR in May has pushed compliance to the forefront of security project priorities for the coming year.

Endpoint security
Endpoint security remains relevant. It is still the most widely adopted (91%) security technology across organizations of all sizes.

Compromised endpoints
On average, companies with fewer than 1,000 employees spend 5.2 hours a week cleaning up compromised endpoints. Larger organizations with many more endpoints to manage are spending 8.5 and 13.5 hours a week.

TOP SECURITY PAIN POINTS

User behavior continues to be a top pain point for companies with fewer than 10,000 employees. A closer look at the top three security pain points by company size shows that for 39% of very large organizations, cloud security is their top pain point.

FIGURE 1: TOP SECURITY PAIN POINTS BY COMPANY SIZE

COMPLIANCE JUMPS THE QUEUE

What constitutes compliance is very industry-specific (e.g., Gramm-Leach-Bliley Act, HIPAA, HITECH, etc.), but the breach notification timelines and fines associated with the European Union GDPR enacted on May 25 have gotten the attention of many security managers. The GDPR not only applies to organizations located within the EU, but it will also apply to all companies processing and holding the personal data of data subjects residing in the EU, regardless of the company's location. Companies out of compliance can face steep fines.

Although compliance has been an ongoing concern, GDPR is causing a reprioritization of security project plans, and in some cases has derailed them, especially in Europe. Instead, companies are focusing on inventorying systems against new concepts of identity and remediating identified gaps. Consequently, regulatory compliance (PCI compliance, GDPR, PSD2, NIST) is the top security project for 35% of respondents over the next 12 months, and this is true for organizations of all sizes. That number jumps to 40% for very large organizations with more than 10,000 employees.

FIGURE 2: TOP SECURITY PROJECTS

PROJECT APPROVAL DRIVERS

For the last three years, some manner of risk assessment has been the most common driver moving security projects forward. In 2018, compliance requirements (23%) are edging out risk assessment (22%) as the top factor in security projects being approved and prioritized.

FIGURE 3: DRIVERS FOR SECURITY PROJECT APPROVAL

ENDPOINT SECURITY

Endpoint security remains relevant; even as new architectures come further into play, protecting users' endpoints remains a concern. Endpoint security (91%) is still the most widely adopted security technology across organizations of all sizes. This is followed closely by firewall (86%) and email security (86%).

FIGURE 4: SECURITY TECHNOLOGY IN USE

COMPROMISED ENDPOINTS

Endpoints are critical points of vulnerability. When an endpoint is compromised, that device transforms from a secure endpoint on the corporate network to an exploitable access point vulnerable to external cyber attacks. This exposes not just the device, but the entire corporate network to the threat. On average, companies with fewer than 1,000 employees spend 5.2 hours a week cleaning up compromised endpoints. Larger organizations with many more endpoints to manage are spending 8.5 and 13.5 hours a week, on average.

FIGURE 5: TIME SPENT CLEANING UP COMPROMISED ENDPOINTS

DEALING WITH COMPROMISED ENDPOINTS

The remediation process is time-consuming because it is highly manual: 52% of respondents are forced to reimage the system if other forms fail, and another 50% manually clean the compromised system.

FIGURE 6: REMEDIATION OF ENDPOINTS

PUSH TO DECREASE ENDPOINT TOOLS

Organizations are pushing back against the number of tools they're running on each endpoint. On average, organizations have three (2.8) endpoint security solutions running. Larger enterprises (10,000-plus employees) have closer to four.

FIGURE 7: DEPLOYED ENDPOINT SECURITY OFFERINGS

PRIMARY USERS OF ENDPOINT SECURITY TOOLS

The primary user of endpoint security tools varies by company size. For half of very large organizations with more than 10,000 employees, the security operations team is the primary user. However, for smaller enterprises with fewer than 1,000 employees, the desktop/IT team is the primary user.

FIGURE 8: PRIMARY ENDPOINT SECURITY USERS