The new Thales Data Threat Report, produced with 451 Research, codifies and questions enterprise security spending priorities. Among the key points: 26% of organizations responding experienced a breach in the last year, 30% say their organizations are very or extremely vulnerable, and organizations are spending on endpoint & network security. 451 analysts urge organizations to embrace newer security technologies. IT security experts from Balabit, STEALTHbits Technologies, CipherCloud, VASCO Data Security and Prevoty commented below.
Sándor Bálint, Security Lead for Applied Data Science at Balabit:
“It’s all too easy to chastise organizations for a perceived misalignment of security spending priorities – it is another thing to actually be at the helm and making the calls. For many security managers, it feels like trying to plug a thousand holes in a boat, while behind you someone’s pointing out that the water’s rising and you haven’t plugged everything yet.
“The best advice I can give other security professionals: if you have the basics in place, then spend your first security budget dollars to improve monitoring. Collect and analyze logs, preferably using tools that allow fast drill-down and also help connect the dots with features such as advanced anomaly detection and behavioral analytics. Do vulnerability scans, perform audits. Once you understand what is going on in your organization, you’ll know where the risks are and where to spend your next budget dollars. Read reports and vendor recommendations, but know that ultimately the buck stops with you.”
Adam Laub, Sr. Vice President, Product Marketing at STEALTHbits Technologies:
“While it’s without question that newer technologies represent an exciting future in the fight against cyberattacks, the facts also support the argument that the technologies needed to prevent successful data breaches are here today, and have been for some time. While the entry points attackers take into an organization are widely varied, their tactics once inside are highly consistent and largely unsophisticated by today’s measures. Recent studies have found that simple misconfigurations in OS security settings and a general lack of ability to measure an organization’s adherence to the best practices they’ve committed to adopt are largely to blame for the continued success attackers have had over the years.
“Are new technologies needed to stop today’s threats? Absolutely. But, at the end of the day, every attacker is after two things: the data they want to steal, and the credentials they need to access that data. Focusing on securing the very two things attackers are after, rather than how they get there, will ultimately yield the best results in the end.”
Mark Wilson, Director, Partner Enablement, EMEA at STEALTHbits Technologies:
“Thales, the organization that designs technology ranging from Train Station signage, through nuclear submarines to nation state grade encryption algorithms. It’s safe to say that when an organization such as Thales releases reports of this kind, we really should take it seriously.
“By far the most prevalent method for Ransomware delivery is email – a platform that virtually circumvents end-point and network layer security. It’s also worth noting that ‘Insider Threat’, where an administrator who has escalated privileges and therefore the encryption keys to sensitive data at rest can circumvent encryption level security. The Thales report highlights the need to protect – at source – the two most critical elements: Credentials and Data.
“Credentials are used to gain access to data, and those credentials in 95% of organizations are held and managed by Active Directory. Protect Active Directory and you massively reduce the risk to data at rest. The next step is to add a secondary layer to protect organizations from the insider threat, and that could be to override underlying weak native permission models. Build your security model outwards from the targets of the attack – data-at-rest and credentials.”
Willy Leichter, VP of Marketing at CipherCloud:
“Many businesses have an outdated mindset when it comes to cybersecurity. Investments in network and endpoint security extend the old perimeter security model – get bigger locks to keep the bad guys out. But with the explosion of cloud computing, the network perimeter becomes irrelevant, as vast amounts of infrastructure, processing, and storage are done outside of legacy network boundaries. This change requires a challenging pivot – focusing on protecting data wherever it goes – not just in known locations.”
Shane Stevens, Director of Omni-Channel Identity and Trust Solutions at VASCO Data Security:
“When it comes to data security, businesses continue to deal with balancing priorities between transformation and operations, and current operations tip the scale. The demands are tactically to fix, band-aid and quickly address issues, which leads to leveraging current infrastructure, tools, software and resources, and pulling back on budgets for strategic solutions and technology advancements that today do not allow product to produce a holistic solution. Most companies are not structured to allow operations and innovation to exist in organizational harmony. This is why we continue to see passwords still around, simplified multifactor authentication still scarce and data breaches continuing to rise.”
Julien Bellanger, CEO and Co-Founder at Prevoty:
“Enterprises are used to the concept of a perimeter, the network, and access doors, the end-points, so naturally they focus spending on keeping the wall up to keep the bad people outside out. The reality is that this infrastructure only exists because of the software that runs on it, and that software does not live within a perimeter anymore. If you ask any infosec specialist what visibility they have in the threats that are attacking their software and data, they most likely will have no answer. This is where we need to focus our investment, intelligence and defense – for software and data wherever it is.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.