CLEARING THE PATH: PREVENTING THE BLOCKS TO CYBERSECURITY IN BUSINESS

Introduction

The world of cybersecurity is changing. As all aspects of our lives become increasingly connected, businesses have made great progress in preparing to defend themselves against attacks. But with growing responsibility to protect the data of customers, employees, partners and shareholders, there's still more for businesses to do to ensure the best possible protection.

The EU's Network and Information Security (NIS) Directive, slated to be implemented by Member States sometime in spring 2018, will impose new security requirements on operators of essential services and digital service providers. These entities must take appropriate and proportionate technical and organisational measures to manage risks to the security of their networks and information systems, and these measures must have regard for the state of the art. The NIS Directive also requires the notification to authorities of security incidents of particular magnitudes. Finally, the NIS Directive requires that covered companies take appropriate measures to prevent incidents affecting the security of their network and information systems.

The General Data Protection Regulation (GDPR), the new personal data protection law that will come into force on 25 May 2018, also has requirements directing entities to implement appropriate security measures with regard to the state of the art, in order to protect the data of EU residents. In addition, the regulation requires data controllers to notify authorities in the event of a data breach. Significant financial penalties have been introduced for infringements of the regulation's provisions.

Businesses appear to understand the level of impact that these laws' provisions are likely to have. According to research by MicroMarketMonitor, European businesses are expected to spend around $35.53 billion on cybersecurity by 2019. According to our own research, 96 percent of management-level employees in European companies acknowledged that cybersecurity should be a priority.

While it's great to see businesses taking cybersecurity seriously, simply buying more products and then carrying on as normal won't improve the situation if we cannot reduce the amount of time taken to detect and prevent incidents. With so much at stake, we surveyed more than 700 decision-makers in companies with over 1000 employees in the U.K., Germany, France, the Netherlands and Belgium to understand how they plan to adjust to the changing world of cybersecurity.

Key Statistics

European businesses are expected to spend $35.53 billion on cybersecurity by 2019.

96% of business decision-makers acknowledge cybersecurity should be a priority.

SECTION 1: CYBERSECURITY BLOCKERS THAT EXIST

At a Business Level

Business leaders are clear on the importance of cybersecurity, but there is confusion across most organizations about where responsibility lies. Our research found that 1 in 5 (18%) of management-level employees don't feel they have a role to play in their company's cybersecurity efforts. Furthermore, 40 percent of respondents believe that, in the event of a security breach, IT would be held to blame. The majority of IT departments tend to agree, with 57 percent believing that security is their domain alone.

The breadth of responsibility for cybersecurity is still unclear to many. The truth is that it is no longer just an IT issue; it should be a pervasive everyday business practice that requires the involvement of every employee across every department. This integration of security into business practices requires an approach of security by design and by default. Employees need a clear idea of what they are responsible for and how their behaviour impacts the security of the business as a whole.

Essential to this, business leaders must take a holistic view of cybersecurity and should employ technology strategically to support security in their personnel training and business practices. Threat detection and prevention should be as automated as the business processes they are designed to protect. That can't be the job of technology alone; effective security systems encompass both technology and input from human cybersecurity professionals. That means preventive, real-time measures that allow an organization to monitor all the traffic in its network are necessary to provide an accurate view of risk.

At an Employee Level

Employees today are more tech-savvy than ever. Most people use technology and applications to run their personal lives, whether banking, shopping or streaming their favourite TV shows on laptops, tablets or mobiles. As individuals, we have come to expect the same, easy user experience when we are at work and can grow frustrated when it is not made available to us. Some employees circumvent their company's cybersecurity policy to use a more efficient tool or service than that which is sanctioned by their organization. Our research shows that 1 in 5 respondents (17%) feel their cybersecurity policy is frustrating and prevents them from having access to the tools and sites they need to do their jobs.

Key Statistics

Almost 1 in 5 (18%) of management-level employees don't feel they have a role to play in their company's cybersecurity efforts.

40% of respondents believe that, in the event of a security breach, IT would be held to blame.

Almost 1 in 5 respondents (17%) feel their cybersecurity policy is frustrating and prevents them from having access to the tools and sites they need to do their jobs.

57% of IT departments believe that cybersecurity is solely their domain.

SECTION 2: CLEARING THE ROAD AHEAD

There are three key steps all businesses can take to make sure they are ahead when it comes to cybersecurity.

Make It Measurable

Security must move from being seen as a negative to a positive. Businesses should be able to demonstrate the commercial value that comes from cybersecurity, be that in new business contracts or increased business efficiencies. Historically it has been easy to claim success when nothing bad has happened, but that often is just due to chance. If cybersecurity is to become an integral part of business, it must be accountable. One of the first goals for any company is to agree on how to measure the benefit of cybersecurity.

Unite Around Security

Business innovation and cyberthreats are both extremely dynamic, but it's very easy to look at cyber as a project to be completed. The reality is that education, empowerment and implementation are ongoing processes that all aspects of the business must continue to support and drive. Critical to this is a common language that allows everyone to engage in discussion, whether they are in HR, legal, finance, IT or any other part of a business.

Being Proactive

By their nature, security leaders can be risk averse, and such a stance may be in conflict with business drivers. This can be visible through an unwillingness to let go of legacy security tools and processes that are no longer effective in the current landscape. Yet the belief that such legacy capabilities could save them one last time can lead to immobility. In such a dynamic world, if we are not keeping pace, we are slowing down business and often inadvertently creating risk.

SECTION 3: WHAT DOES THE FUTURE HOLD?

While businesses can always do more to educate employees about cybersecurity risks and their role in preventing them, it appears that attitudes are changing. Just under two-thirds (61%) of respondents to our survey said that they would talk to IT before introducing new devices or business applications to the company network. Awareness appears to be growing, but employee education efforts must continue to ensure that those on the frontline understand the role they have to play and have the skills they need to identify threats.

Security challenges to businesses are only likely to grow over the coming years. The immediate priority will be to understand and adapt to the requirements laid out by GDPR and NIS. However, this comes at a time when the number of connected devices is expected to grow exponentially. According to Gartner, by 2020, more than 25 percent of identified attacks in enterprises will involve the IoT [1], showing that businesses are more susceptible to attacks as more and more data flows between them and their customers and partners. In addition, the proliferation of new endpoints creates weak spots that can be exploited by threat actors, with their growing popularity making them valuable targets for attackers.

As our lives become more connected, employees will continue to demand more choice over the devices and services they use. Companies need to enable this rather than dictate technology options. That means identifying next-generation security offerings that are designed for the modern, dynamic and expanding computing environment and encouraging the use of new devices and tools.

Key Statistics

61% of respondents to our survey said that they would talk to IT before introducing new devices or business applications to the company network.

According to Gartner, by 2020, more than 25% of identified attacks in enterprises will involve the IoT. [1]

Methodology

The survey referenced (unless otherwise stated) was conducted online among 765 business decision-makers in companies with 1000+ employees in the U.K., Germany, France, the Netherlands and Belgium. It was commissioned by Palo Alto Networks and conducted by Redshift Research in October 2015.

About Palo Alto Networks

Palo Alto Networks is the next-generation security company, leading a new era in cybersecurity by safely enabling applications and preventing cyber breaches for tens of thousands of organizations worldwide. Built with an innovative approach and highly differentiated cyberthreat prevention capabilities, our game-changing security platform delivers security far superior to legacy or point products, safely enables daily business operations and protects an organization's most valuable assets. Find out more at www.paloaltonetworks.com

Palo Alto Networks and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

[1] Gartner Press Release, "Gartner Says Worldwide IoT Security Spending to Reach $348 Million in 2016," April 25, 2016, http://www.gartner.com/newsroom/id/3291817