Avoidance of financial penalties now top reason for increased spending on cyber security

Thales, a leader in critical information systems, cyber security and data security, has just announced the results of its 2018 Thales Data Threat Report (Global Edition)* issued in conjunction with analyst firm 451 Research. The report finds digitally transformative technologies are shaping the way in which organisations do business and moving them to a data-driven world, with 94% of organisations using sensitive data in cloud, Big Data, the Internet of Things (IoT), container, blockchain and/or mobile environments.

Digital transformation is driving efficiency and scale as well as making possible new business models that propel growth and profitability. Enterprises are embracing this opportunity by leveraging all that digital technology offers, with adoption at record levels. 42% of organisations use more than 50 Software-as-a-Service applications, 57% use three or more Infrastructure-as-a-Service vendors and 53% inhabit three or more Platform-as-a-Service environments. 99% are using Big Data, 94% are implementing IoT technologies and 91% are working on or otherwise using mobile payments.

This rush to embrace new environments has created more attack surfaces and new risks for data that need to be offset by data security controls. The extent and impact of increased threats is most clearly shown in levels of data breaches and vulnerability. According to this early 2018 survey**, 67% of respondents were breached, with 36% breached in the last year – a marked increase from 2017, which saw 26% breached in the last year. Consequently, 44% of respondents feel ‘Very’ or ‘Extremely’ vulnerable to data threats.

While times have changed with respect to technological advancements, security strategies haven’t, in large part because spending realities don’t match up with what works best to protect data. 77% of respondents cite Data-at-Rest security solutions as being most effective at preventing breaches, with network security (75%) and Data-in-Motion (75%) following close behind. Despite this, 57% of respondents are spending the most on endpoint and mobile security technologies, followed by analysis and correlation tools (50%).

Gap between perception and reality

When it comes to protecting data, the gap between perception and reality is apparent, with Data-at-Rest security solutions coming in at the bottom (40%) of IT security spending priorities.

This ‘disconnect’ is also reflected in organisations’ attitude towards encryption, a key technology with a proven track record of protecting data. While spending decisions don’t reflect its popularity, respondents still express a strong interest in deploying encryption technologies. 44% cite encryption as the top tool for increased cloud usage, while 35% believe encryption is necessary to drive Big Data adoption – only three points behind the top perceived driver (identity technologies at 38%) and one point behind the second (improved monitoring and reporting tools at 36%).

48% cite encryption as the top tool for protecting IoT deployments, while 41% believe it to be the foremost tool for protecting container deployments. In addition, encryption technologies head the list of desired data security purchases in the next year, with 44% citing tokenisation capabilities as the key priority, followed by encryption with Bring Your Own Key capabilities. Encryption is also cited as the top tool (42%) for meeting new privacy requirements such as the European Union’s upcoming General Data Protection Regulation.

Digital transformation and “massive change”

Garrett Bekker, principal security analyst for information security at 451 Research and author of the report, commented: “This year, we found that organisations are dealing with massive change as a result of digital transformation, but this change is creating new attack surfaces and risks that need to be offset by data security controls. While times have changed, security strategies have not. Security spending increases that focus in the main on the data itself are at the bottom of IT security spending priorities, leaving customer data, financial information and Intellectual Property severely at risk. If security strategies are not equally as dynamic in this fast-changing threat environment, the rate of breaches will continue to increase.” 

Peter Galvin, chief strategy officer for Thales eSecurity, added: “From cloud computing to mobile devices and on to digital payments and emerging IoT applications, organisations are re-shaping how they do business. This ‘digital transformation’ is reliant on data. As is borne out by our 2018 Data Threat Report, we’re now at the point where we have to admit that data breaches are the new reality, with over a third of organisations suffering such a breach in the past year. In this increasingly data-driven world, it’s therefore hugely important to take steps to protect that data wherever it’s created, shared or stored.”

To offset the data breach trend and take advantage of new technologies and innovations, as a bare minimum organisations should adhere to the following practices: leverage encryption and access controls as a primary defence for data and consider an ‘encrypt everything’ strategy, select data security platform offerings that address multiple use cases to reduce complexity and costs and implement security analytics and multi-factor authentication solutions designed to help identify threatening patterns of data use.

*Download your copy of the 2018 Thales Data Threat Report (Global Edition)

**The data in the study is based on web and phone interviews with 1,200 senior executives in the UK, the US, Germany, Japan, India, the Netherlands, Sweden and South Korea. Most have a major influence on (or are the sole decision-maker for) IT at their respective companies. Respondents represented a number of industries, including automotive, energy, Government, financial services, healthcare, IT, manufacturing, retail and telecommunications

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts