If all you read are all of the headlines (and there are too many, to be sure) you’d be convinced enterprises are losing the never-ending battle to secure their networks.
Perhaps they are.
And to help turn the momentum, more enterprises are doing more to bolster their security defenses. They are increasing their information security spending, collaborating more on threat intelligence efforts, and turning to cybersecurity insurance policies in larger numbers, according to a global security survey released today.
The most recent Global State of Information Security Survey, based on responses from 10,000 IT and security decision-makers in 127 nations, produced by PwC US in conjunction with CIO magazine and CSO also reported that their information security spending is up from last year, while financial losses from cyber attacks has decreased from $2.7 million in 2014 to $2.5 million this year.
The survey also found that enterprises are improving in their ability to detect breaches that are underway. In fact, enterprises reported a 38 percent increase in detected incidents, this year over last year. They are also seeing more intellectual property theft, which jumped 56 percent over the previous year. Another interesting finding: while both current and previous employees constituted the bulk of attacks aimed at these enterprises, there have been a noticeable surge in breaches attributed to current and former partners and suppliers. Data breaches attributed to them are up to 59 percent this year, from 46 percent in 2014.
Although it’s nearly a decade in the making, the enterprise move to cloud platforms is creating tremendous change in how enterprises use, manage, and protect their applications and data. The research firm IDC expects public cloud spending alone to hit $70 billion this year.
“We are looking at a completely new paradigm for security. When you add always on, always connected and couple all of that with the fact that we no longer are keeping data in our own premises. It completely changes how we have to do security,” says Tyler Shields, a security analyst at Forrester Research.
Also with 69 percent of respondents using cloud-based security services, the cloud has matured, without a doubt, as an established delivery method of security controls and services: real-time monitoring and analytics (56%), authentication (55%), identity and access management (48%), threat intelligence (47%), and end-point protection (44%).
“The only way to effectively perform security in this new environment is to do it at cloud scale. That means you have to actually be able to capture data, analyze data, analyze security related metadata and data, and then make decisions on based on it and enforce your security controls; because to do anything less means that they'll never be able to keep up with the pace of the movement of the data,” says Shields.
Sign up for MIS Asia eNewsletters.