For those of us in the security industry, the annual Cyberthreat Defense Report is a gold mine of insights into the minds of IT security professionals, including what threats keep them up at night, and how they plan to defend against them.
The 6th edition of the report from the CyberEdge Group was just published.
I was able to get a sneak peek at the 2019 report. At 43 pages, it is comprehensive without being over-long. It’s also chock-full of useful charts and graphics depicting the results of the survey, which included 1,200 IT security decision makers and practitioners from around the globe from 19 different industries.
There’s no shortage of interesting findings. Here are some of the ones that jumped out at me:
- No organisation is immune from attack. 2018 was the first in which the percentage of organisations hit by one or more successful cyberattacks actually fell year-over-year. That decrease was short-lived. The percentage of organisations breached in the past year increased again year-over-year to 78% in the 2019 survey. Worse, 32% of businesses reported being breached 6+ times in the last 12 months, up from 27% in the past year. That’s a nearly 20% increase — HUGE in my mind.
- The two most-wanted security technologies revolve around smarter software. Security teams are swamped with too much data, not enough intelligence; too many meaningless events, not enough ability to detect the true threats. No wonder that advanced security analytics and threat intelligence services are at the top the list of the most-desired technologies by security professionals.
- Web Application Firewalls (WAFs) rule. For the 2nd year in a row, respondents to the CyberEdge survey said WAFs (63%) were their most widely-deployed application and data security technology. That doesn’t surprise us at Imperva, where we take pride in the ability of our WAF — named a Leader by Gartner five years in a row — and app security solutions to prevent DDoS attacks, data breaches, and more. We also take pride in their flexibility, enabling enterprises to deploy them on-premises, in AWS and Azure, or as a cloud service.
- The two security processes businesses struggle with most. They are 1) secure application development and testing, and 2) detection of insider attacks. Because as powerful as WAFs are, they are best at protecting the metaphorical walls of your business from outside attack, but not as optimised for either emerging threats or attacks involving trusted employees who have been compromised or are malicious. Data Security and RASP (Runtime Application Self-Protection) solutions can fill in these security gaps. Subscribers to Imperva’s FlexProtect plans enjoy the ability to quickly deploy such solutions and/or move them between servers and cloud instances as needed.
- Machine learning and AI are making an impact TODAY. Who says AI is a coming technology? Four out of five respondents said they believe machine learning and AI are making a difference in the battle to detect cyberthreats. How? By analysing and automating the processing of millions of security events, filtering out meaningless ones, and distilling the rest into several actionable insights that security pros can quickly act on. That of course is just what our Imperva data risk analytics and attack analytics help provide.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.