Best wishes for 2018! Bryan Ware, CEO. Haystax Technology INSIDER THREAT PREDICTIONS FOR

Similar documents
INSIDER THREAT 2018 REPORT PRESENTED BY:

INTRODUCTION. We would like to thank HelpSystems for supporting this unique research. We hope you will enjoy the report.

MOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner

INSIDER THREAT 2018 REPORT PRESENTED BY

Using Threat Analytics to Protect Privileged Access and Prevent Breaches

GDPR COMPLIANCE REPORT

The 2017 State of Endpoint Security Risk

Spotlight Report. Information Security. Presented by. Group Partner

Big Data Cybersecurity Analytics Research Report Sponsored by Cloudera

Managed Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts

Operationalizing Cybersecurity in Healthcare IT Security & Risk Management Study Quantitative and Qualitative Research Program Results

Mastering The Endpoint

Toward an Automated Future

Tripwire State of Cyber Hygiene Report

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

NEXT GENERATION SECURITY OPERATIONS CENTER

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

Background FAST FACTS

ACHIEVING FIFTH GENERATION CYBER SECURITY

CYBER SOLUTIONS & THREAT INTELLIGENCE

THREAT HUNTING REPORT

CYBERSECURITY HOW IT IS TRANSFORMING THE IT ASSURANCE FIELD

2018 GLOBAL CHANNEL PARTNER SURVEY THYCOTIC CHANNEL PARTNER SURVEY REPORT

WHY MOBILE SECURITY SHOULD BE IN YOUR TOP PRIORITIES

Tripwire State of Container Security Report

THREAT MONITORING, DETECTION & RESPONSE

whitepaper How to Measure, Report On, and Actually Reduce Vulnerability Risk

VARONIS CASE STUDY. Kirton McConkie. A Financial Services Design And Distribution Firm

YOU VE GOT 99 PROBLEMS AND A BUDGET S ONE

THE POWER OF TECH-SAVVY BOARDS:

Todd Sander Vice President, Research e.republic Inc.

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Spotlight Report. Information Security. Presented by. Group Partner

Introducing Cyber Observer

The State of Cybersecurity and Digital Trust 2016

THREAT HUNTING REPORT

Building a Threat Intelligence Program

Vulnerability Management Survey

Continuous protection to reduce risk and maintain production availability

with Advanced Protection

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface

A CFO s Guide to Cyber Security in the Coming Year

Pedal to the Metal: Mitigating New Threats Faster with Rapid Intel and Automation

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

IPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions

A Data-Centric Approach to Endpoint Security

KNOWLEDGE GAPS: AI AND MACHINE LEARNING IN CYBERSECURITY. Perspectives from U.S. and Japanese IT Professionals

Traditional Security Solutions Have Reached Their Limit

THALES DATA THREAT REPORT

Vulnerability Management Trends In APAC

HOSTED SECURITY SERVICES

TRUE SECURITY-AS-A-SERVICE

2017 Trends in Security Metrics and Security Assurance Measurement Report A Survey of IT Security Professionals

BETTER Mobile Threat Defense (BMTD)

MULTI-CLOUD REQUIRES NEW MANAGEMENT STRATEGIES AND A FORWARD-LOOKING APPROACH

Evolve Your Security Operations Strategy To Account For Cloud

The Third Annual Study on the Cyber Resilient Organization

MarkMonitor Dark Web and Cyber Intelligence TM Dark Web Threat Intelligence to Protect Against Cyberattacks

Security Operations in Flux

STOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions.

to Enhance Your Cyber Security Needs

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

2018 Mobile Security Report

Symantec Security Monitoring Services

RSA NetWitness Suite Respond in Minutes, Not Months

CyberEdge Group 2018 Cyberthreat Defense Report

CLOSING IN FEDERAL ENDPOINT SECURITY

Cyber Security Trends A quick guide

Imperva CounterBreach

Security Monitoring. Managed Vulnerability Services. Managed Endpoint Protection. Platform. Platform Managed Endpoint Detection and Response

Cyber Risks in the Boardroom Conference

SECOPS: NAVIGATE THE NEW LANDSCAPE FOR PREVENTION, DETECTION AND RESPONSE

MATURE YOUR CYBER DEFENSE OPERATIONS with Accenture s SIEM Transformation Services

DEVELOP YOUR TAILORED CYBERSECURITY ROADMAP

Cybersecurity Perspectives 2018 THE DATA BREACH EFFECT

THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY:

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

Interim Report Q2/2016 Samu Konttinen, CEO SECOND QUARTER REVENUES INCREASE BY 11% FROM PREVIOUS YEAR

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat

THREAT HUNTING 2017 REPORT PRESENTED BY

RSA Cybersecurity Poverty Index

EXPERT SERVICES FOR IoT CYBERSECURITY AND RISK MANAGEMENT. An Insight Cyber White Paper. Copyright Insight Cyber All rights reserved.

Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS

STAY ONE STEP AHEAD OF THE CRIMINAL MIND. F-Secure Rapid Detection & Response

Security Survey Executive Summary October 2008

Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International.

Trends, Technology and Transition in Physical Security

THE STATE OF CLOUD & DATA PROTECTION 2018

Security in the age of digital disruption. An Australian and New Zealand perspective

Secure Development Lifecycle

SECURITY SERVICES SECURITY

Modern Database Architectures Demand Modern Data Security Measures

Discover threats quickly, remediate immediately, and mitigate the impact of malware and breaches

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

The Deloitte-NASCIO Cybersecurity Study Insights from

Reducing the Cost of Incident Response

Securing global enterprise with innovation

Transcription:

See our insider threat predictions for 2018 based on data from nearly 1,500 companies that participated in a multi-year research study on insider attacks. This is the season for predictions, the time when we start imagining how our companies, technologies and market dynamics will evolve in the year to come. Many of the current crop of Top-5 or Top-10 prediction lists are focused on the growing impact of insider threats those trusted individuals who through malice or negligence or even carelessness cause harm to their organization s finances, IT systems and intellectual property. As you ll see in these pages, Haystax Technology and Crowd Research Partners are joining this crowded field of predictions by offering our own Top-5 list but with a twist. Rather than just look ahead and imagine the near future based on our own views and experiences, we ve taken a deep dive into three years worth of survey responses from nearly 1,500 professionals who are responsible for security at all types of companies. In doing so we can see how their answers have evolved during the last 36 months, and can thereby extrapolate certain emerging or continuing patterns and trends for 2018. Some of our predictions focus on the nature of the attacks and attackers, and how they re evolving; others are about the technology investments companies will make in hopes of mitigating their own potential insider threats. I hope you find the material in this report informative and useful in your own work. Even better, I would love to hear from you about your own predictions and plans for 2018. Please check our website (www.haystax.com) as we periodically host interactive webinars on how we can better protect ourselves from rogue insiders. Best wishes for 2018! Bryan Ware, CEO Haystax Technology www.haystax.com INSIDER THREAT PREDICTIONS FOR 2018 2

DEMOGRAPHICS This research is based on the results of a comprehensive online survey of 1,493 cybersecurity professionals to gain deep insight into the insider threats faced by their organizations, and the solutions needed to detect, remediate, and prevent them. The respondents range from technical executives to managers and IT security practitioners, representing organizations of varying sizes across all industries. JOB TITLE 34% 25% 19% 9% 9% 4% Director Manager/Supervisor CTO, CIO, CISCO, CMO, CFO, COO Vice President Specialist Other DEPARTMENT 59% 30% 11% IT Operations IT Security Other COMPANY SIZE 5% 37% 27% 17% 14% Fewer than 100 100-999 1,000-4,999 5,000-10,000 Over 10,000 PANEL SIZE 1,493 INSIDER THREAT PREDICTIONS FOR 2018 3

PREDICTION #1: In 2018, 99% of organizations will report feeling vulnerable to insider attacks. 64% 74% 90% 99% 2015 2016 2017 2018* In the most recent 2017 study results, 90% of organizations reported feeling vulnerable to insider attacks. The main enabling risk factors include too many users with excessive access privileges (37%), an increasing number of devices with access to sensitive data (36%), and the increasing complexity of information technology (35%). INSIDER THREAT PREDICTIONS FOR 2018 4

PREDICTION #2: Regular employees are surpassing privileged users as biggest insider security risk. 80 70 60 50 59% 60% 46% 51% 56% 55% 61% 49% 2015 2016 2017 2018* Privileged User Regular Employee Security professionals have a unique responsibility to detect, counter and respond to cyber attacks. This job becomes more challenging when threats come from within the organization from trusted and authorized users. It is often difficult to determine when users are simply doing their jobs, as opposed to actually doing something illegal or unethical. The 2017 survey indicated that regular employees and privileged IT users had roughly the same level of risk of becoming a threat. However, the three-year trend has been for the proportion of risky regular employees to rise while the proportion of risky privileged users has been declining, leading us to predict that 2018 will be the year when regular employees surpass trusted insiders as the greater risk. INSIDER THREAT PREDICTIONS FOR 2018 5

PREDICTION #3: Proactive monitoring of user behavior is becoming the new normal. 40% 29% 21% 19% 14% 14% 16% 10% 6% 15% 3% 15% 2015 2016 2017 2018* Yes, proactive monitoring Only after an incident Only under specific circumstances The increasing volume of insider threats have caused cybersecurity professionals to rely less on conventional end-point and SIEM tools while deploying more user behavior analytics (UBA) solutions to help detect, classify and alert SOC analysts to anomalous employee behavior. The number of organizations proactively monitoring their users behavior increased significantly by the end of 2017, compared to 2016. We expect this trend to continue in 2018 as artificial intelligence enhances UBA technologies. INSIDER THREAT PREDICTIONS FOR 2018 6

PREDICTION #4: Only 10% of companies will not leverage analytics to detect insider threats in 2018. 2015 50% 2016 30% 2017 14% 2018* 10% The number of organizations that do not leverage analytics continues to decline year after year. By the end of 2017, only 14% of respondents said they do not use analytics, compared to 30% in 2016. With a consistent downward trend since 2015, we expect that only 10% or less of companies will opt not to leverage analytics to detect risky insiders. INSIDER THREAT PREDICTIONS FOR 2018 7

PREDICTION #5: The majority of companies will continue in 2018 to steadily increase their investments in insider threat solutions. 57% 34% 42% 49% 2015 2016 2017 2018* Defending against security attacks is an ongoing challenge; cybersecurity professionals are equally concerned about the rise in the volume and frequency of both external and insider attacks. In 2017, close to half of the surveyed organizations (49%) expected budget increases. Forty-three percent expected their IT budgets to remain steady, while only 1% foresaw their security funding shrinking. This was a marked improvement in budget outlook compared to the previous two years surveys. Extrapolating from this trend we expect, for the first time in 2018, budgets will increase at over half the companies that responded to the earlier surveys. INSIDER THREAT PREDICTIONS FOR 2018 8

MORE RESOURCES INSIDER THREAT 2018 REPORT Industry Survey Insider Attacks Industry Survey PRESENTED BY 2017 Insider Threat Report 2016 Insider Threat Report INSIDER THREAT SPOTLIGHT REPORT 2015 Insider Threat Report INSIDER THREAT PREDICTIONS FOR 2018 9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback