The first three installments of the Cyberthreat Defense Report (CDR) began the process of looking beyond major breaches and the never-ending evolution of cyberthreats to better understand what IT security teams are doing to defend against them. Let’s face it. We all know that ransomware ran rampant in 2016. More valuable to most IT security professionals than the intimate details of the next variant to emerge on the scene are the tactics and technologies other organizations are using to defend against it.
Current Security Posture
- Rising attacks. Nearly four in five respondents’ organizations were affected by a successful cyberattack in 2016, with a full third being breached six or more times in the span of a year (page 6).
- Optimism reigns. More than a third of respondents consider it unlikely their organization will be the victim of a successful cyberattack in 2017 (page 7).
- Mobile devices weakest tech component. For the fourth consecutive year, mobile devices are perceived as IT security’s weakest link, closely followed by other end-user computing devices (page 8).
- Developing secure apps weakest process. Secure application development and testing is the security process organizations struggle with the most, followed by user awareness training (page 9).
- Failure to monitor privileged users. Only a third of respondents are confident their organization has made adequate investments to monitor the activities of privileged users (page 10).
- Patch management woes. Less than a third of respondents are confident their organization’s patch management program effectively mitigates the risk of exploit-based malware (page 11).
- Cyber insurance pulling its weight. Three-quarters of respondents rate their organization’s level of investment in cyber insurance as adequate (page 12).
Perceptions and Concerns
- Threats keeping us up at night. Malware, phishing, and insider threats give IT security the most headaches (page 13).
- Ransomware’s bite out of the budget. Six in 10 respondents said their organization was affected by ransomware in 2016, with a full third electing to pay the ransom to get their data back (page 14).
- Ransomware’s biggest nightmare. The potential for data loss is the greatest concern stemming from ransomware, while the potential for revenue loss trails the field (page 15).
- Microsoft leaving the door open? With two-thirds of respondents not fully satisfied with Microsoft’s security measures for Office 365, the door remains open for third-party security solutions (page 16).
- Employees still to blame. Low security awareness among employees continues to be the greatest inhibitor to defending against cyberthreats, followed closely by a shortage of skilled personnel and too much data for IT security teams to analyze (page 17).
Current and Future Investments
- Security budgets still rising. Despite stabilizing as a percentage of organizations’ overall IT budgets, nearly three-quarters of IT security budgets are expected to rise (again) in 2017 (pages 19 and 25).
- Must-have network security investments. Network deception solutions are the top-ranked network security technology planned for acquisition in 2017, followed by next-generation firewalls and user and entity behavior analytics (page 20).
- Shielding endpoints from cyberthreats. Containerization/micro-virtualization tops the rankings for both endpoint security and mobile security technologies that respondents plan to acquire in 2017 (pages 22 and 23).
- Application security testing gaining traction. Database firewalls may currently be the most widely deployed app/ data security technology, but application security testing tools top the most wanted list for 2017 (page 24).
Practices and Strategies
- NAC’s reign continues. Network access control (NAC) remains the top technology for reducing a network’s attack surface (page 26).
- Dumping security data. While 96% of respondents collect at least some full-packet network traffic data to support their security efforts, nearly three-quarters ditch it within four weeks (page 27).
- Leveraging CASBs to protect sensitive data. Preventing disclosure of sensitive data is the leading reason why organizations are deploying cloud access security brokers (page 30).
- Identity/credential thieves in crosshairs. Thwarting account hijacking is the top use case for organizations deploying user and entity behavior analytics, followed closely by detecting data exfiltration (page 29).
- Cybersecurity skills shortage crisis. An astounding nine out of 10 respondents indicated their organization is suffering from the global shortfall of skilled IT security personnel (page 31).