2017 Thales Data Threat Report: “Security spending decisions leave sensitive data vulnerable”

Thales, a leader in critical information systems, cyber security and data security, has just announced the results of its 2017 Thales Data Threat Report, issued in conjunction with analyst firm 451 Research. The study shows that 68% of respondents have experienced a breach, with 26% experiencing a breach in the last year. Paradoxically, overall security spending is also up. In 2017, 73% of organisations have increased their IT security spending, representing a marked jump from 2016 (when the figure was 58%).

Thales’ study*, which is now in its fifth year, polled over 1,000 senior IT security executives at large enterprises around the world and indicates an ongoing ‘disconnect’ between the security solutions organisations spend money on and the ability of those solutions to protect sensitive data. While 30% of respondents classify their organisations as ‘very vulnerable’ or ‘extremely vulnerable’ to data attacks (and the number of breaches continues to rise), the two top spending priorities are network (62%) and endpoint (56%) protection solutions. Counterintuitively, spending on data-at-rest solutions (46%) comes last.

Garrett Bekker, senior analyst for information security at 451 Research and author of the report, explained: “One possible explanation for this troubling state of affairs is that organisations keep spending on the same solutions that worked for them in the past, but are not necessarily the most effective at stopping modern breaches. Data protection tactics need to evolve to match today’s threats. It stands to reason that, if security strategies are not equally as dynamic in this fast-changing threat environment, the rate of breaches will continue to increase.”

The reasons behind security spending decisions are varied, but the key driver remains constant: compliance. Almost half (44%) of respondents list meeting compliance requirements as their top spending priority, followed by Best Practice (38%) and protecting reputation/brand (36%). 59% also believe compliance is ‘very’ or ‘extremely’ effective at preventing data breaches.

While compliance regulations provide a data security blueprint, they are by no means the only consideration when building a security strategy robust enough to withstand the approaches of today’s sophisticated attackers.

Analysing threat perceptions

As has been the case in previous surveys, the 2017 Data Threat Report explored threat perceptions. All vertical industries polled identified cyber criminals as the top threat (44%), followed by hacktivists (17%), cyber terrorists (15%) and nation states (12%). With respect to internal threats, 58% of respondents believe privileged users are the most dangerous insiders (a slight decrease from last year’s figure of 63%). At 44%, executive management is seen as the second most risky insider threat, followed by ordinary employees (36%) and contractors (33%).

In this age of the cloud and SaaS enterprise deployments, more and more enterprise data is being created, transported, processed and stored outside of corporate network boundaries, making traditional perimeter-based security controls and legacy network and endpoint protection solutions increasingly less relevant.

Other new and popular technologies also bring added security challenges. For example, nearly 40% of respondents are using Docker containers for production applications. At the same time, 47% cite security as the ‘top barrier’ to broader Docker container adoption.

To offset the data breach trend and take advantage of new technologies and innovations, Thales advises that organisations should – as a bare minimum – adhere to the following practices: leverage encryption and access controls as a primary defence for data and consider an ‘encrypt everything’ strategy, select data security platform offerings that address a variety of use cases and emphasise ease-of-use and, last but not least, implement security analytics and multi-factor authentication solutions to help identify threatening patterns of data use.

*Data in the Thales study is based on web and phone interviews conducted with 1,105 senior executives in the UK, the US, Australia, Brazil, Germany and Japan. Most have a major influence on (or are the sole decision-maker for) IT at their respective companies.



About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications)

Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.
