Despite greater spending on cyber security, the number of IT security executives in large firms who have experienced a security breach continues to rise.
More than two thirds (68%) of the 1,100 senior IT security executives surveyed for the 2017 Thales Data Threat Report (produced in association with 451 Research) say they have experienced a security breach at some point, with 26% suffering one in the last 12 months.
Both these figures have risen in the last 12 months.
Expenditure on security is up too, with 73% of organisations reporting increased IT security spending (up from 58% last year). The top two spending priorities are network (62%) and endpoint (56%) protection solutions. Spending on data-at-rest solutions is at the bottom of the list (46%).
The main reasons to invest in IT security are compliance (cited as a top spending priority by 44% of those surveyed), followed by best practice (38%) and protecting one’s reputation/brand (36%).
Cyber criminals are viewed as the Number One external threat (44%), ahead of hacktivists (17%), cyberterrorists (15%) and nation states (12%). The list of insider threats is headed by privileged users (58%), followed by executive management (44%), ordinary employees (36%) and contractors (33%).
Thales warns that because of the cloud and SaaS enterprise deployments, more and more enterprise data is being created, processed and stored outside corporate network boundaries, making traditional perimeter-based security controls and legacy network and endpoint protection solutions less and less relevant.
As a minimum, it advises organisations to:
leverage encryption and access controls as a primary defence for data and consider an ‘encrypt everything’ strategy;
select data security platforms that address a variety of use cases and emphasise ease of use; and
Implement security analytics and multifactor authentication solutions to help identify threatening patterns of data use.