The report, compiled by Dark Reading and sponsored by ServiceNow, details the top cyber security risks, and the measures currently being used by enterprises to fight these risks, as well as those advised by security experts.
‘How enterprises are attacking the cyber security problem’ compiles data from a detailed survey of 150 IT and security practitioners including CIOs, CTOs, CISOs, and other IT and security practitioners representing companies from the banking, healthcare, government, manufacturing, agriculture, media industries, and more.
Organisations report higher incidences and expectations of security attacks, with rising attack volumes and threat sophistication emerging as the major concerns. The increased complexity of attacks (cited as the top concern by 38% of respondents) and rising concerns over the ability of security leaders to enforce policies across the organisation are adding pressure.
But what are the main threats in terms of actual attack volumes? When asked about security breaches over the past year, half the organisations reported experiencing malware (52%) and phishing (50%) attacks.
Staying on top of what the report calls “the mushrooming security technology stack” is a significant and growing challenge for organisations. With so many technologies to keep pace with, they require more resources and expertise to manage.
The survey showed that in 2019 most organisations employ basic foundational tools such as email security, spam filtering and firewalls. Around half of these have formal patch management controls and tools for enforcing wireless policies.
The widespread adoption of breach prevention technologies shows that organisations are mainly focused on stopping attacks at the network perimeter.
However, as the report highlights, the majority of breaches actually occur because of a “lack of basic security hygiene” (around 80%, according to observations made by John Pescatore, director of emerging security trends at the SANS Institute).
Instead, organisations are advised to adopt an “assume breach” strategy. “Practices such as accurate inventory management, asset visibility, rapid patching, shielding, and segmenting against vulnerabilities that can’t be fixed quickly” should remain a priority, according to Pescatore.
Ensuring your users have a good understanding of basic IT security best practices can also reduce your organisation’s cyber security risk. Reassuringly, the report found that 72% of organisations now provide end-user security awareness training as a standard security practice.
The Center for Internet Security (CIS) has identified 20 essential security controls and practices, many of which were listed as being used by respondents to the Dark Reading survey.
According to the SANS Institute, the CIS controls are effective “because they are derived from the most common attack patterns highlighted in the leading threat reports and vetted across a very broad community of government and industry practitioners.”
Included within this list of foundational controls are “email and web-browser protections, malware defences, data leak prevention, and wireless access control tools”, as well as “controls for limiting access to network ports, protocols, and services; controls for limiting access to Internet-facing systems; and least-privileged access controls.”
As well as these “foundational controls”, the CIS also identifies what it calls “5 CIS basic controls” and “4 CIS organisational controls”.
The basic CIS controls include continuous vulnerability management; controls for monitoring, tracking, and preventing misuse of administrative privileges; and controls for maintaining and managing log data. The organisational controls include penetration testing / red-team exercises and application software security programs.
In the survey, respondents were also asked what they rated as their most valuable security products and security practices.
3 most valuable security products:
Emerging threats, particularly those related to cloud migration, accelerated software development cycles, and enterprise mobility, are causing headaches for a lot of organisations.
Survey respondents were concerned about rising attack volumes and the increased sophistication of threats, with more than two-thirds (67%) saying this has increased their vulnerability to a data breach.
It is estimated that public cloud revenue will grow 17% in 2020 (Gartner) as CIOs embrace the cloud globally. While Software-as-a-Service (SaaS) will remain the biggest category, enterprises will increasingly move business-critical workloads to Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) environments as well, according to Gartner.
Analyst firm Enterprise Strategy Group (ESG) predicts that in the next few years, large organisations will transition from security approaches based on disconnected point products and manual processes to relying on “infrastructure made up of tightly integrated security platforms with cloud-based management and distributed enforcement of security policies”, with automation and integration at their core.
Strong authentication and persistent data encryption are vital basics for accessing any assets in the cloud, and organisations should ideally make sure these same controls apply to all users. “Almost all cloud storage services have encryption and key management capabilities,” Pescatore says. “Start using them, then look for solutions later that will work across multiple cloud services.”
virtualDCS employs these measures across all our systems and for all our users. Security is a key area where we’ve always made sure we stay ahead of the curve and go well beyond the basics to provide or facilitate the highest level of security possible for our clients and partners.
An appetite among respondents for cloud security technologies came through strongly in the survey, with many now working with their cloud security provider to deliver this. For example, 45% of organisations are using their cloud provider to encrypt all data stored in the cloud and 43% are using it to continuously monitor and report on anomalies.
Which security capabilities does your cloud services provider currently deliver to your organisation?
Organisations with on-premise data centres that have been virtualised will also “invest more in security capabilities embedded in VMware and other third-party products”, he says, with “emerging technologies for detecting and responding to threats on enterprise endpoints, networks, and mobile devices” as additional areas of investment.
So how does your organisation match up?
Hopefully, the summary we’ve provided here has given you a broad enough overview to better understand current cyber security threats and to benchmark your organisation against other enterprises for risk mitigation technologies and practices.
If you want to discuss any of this in more detail and gain a better understanding of cyber security improvements that your organisation specifically could make, you can contact us online or give us a call on 03453 888 327.