For the last eight years, the Cyberthreat Defense Report has been helping enterprise security professionals gauge their internal practices and security investments against their peers across multiple countries and industries. The report is based upon data from 1,200 qualified IT security professionals from organizations with more than 500 employees, representing 19 industries in 17 countries across the globe.
The report provides comprehensive insight into cyberattacks and data breaches, and explores in detail the techniques that cybercriminals and other bad actors use. Get a free copy of the complete report here.
Here are the top five insights from the report, according to CyberEdge:
First, we should know by now that compliance is not enough. To reverse the troubling trends that CyberEdge has identified, all organizations need to make data security, and not just compliance, the core objective of their data protection strategy. Even for those organizations who have implemented traditional compliance-focused strategies in protecting their data, this approach is no longer enough. Most organizations victimized in high-profile data breaches were actually in regulatory compliance. At Imperva, we have delivered data protection technology to more than 6,200 enterprise customers for nearly 20 years. We can say with confidence that continuing to ignore the database security domain is a critical mistake.
Secondly, for large organizations like those that participated in the CyberEdge report, securing entire data estates required a level of commitment that most of them have not made. At the same time, the data security landscape is getting more challenging as the volume of data explodes and the threat surface grows. This is a serious problem, but not an insurmountable one.
The most important thing any organization can do is create a foundation layer of visibility into the data because this drives everything else. When you make visibility the priority, more often than not you can address most of your compliance requirements. Without sufficient visibility, you won’t know where the data is, and what’s happening with it. You won’t be able to mitigate security risks. To establish some level of baseline behavior, you must know the “6 Ws” of your data.Who’saccessing it,whatthey’re doing with it,whythey need it,wherethey’re accessing it from,whenthey’re accessing it, andwhich servers they’re using.
For security operations teams, with true data visibility comes alert fatigue. It’s imperative to separate out the data to which you need to pay attention. You also need robust User and Entity Behavior Analytics (UEBA) and other tools to inform security teams about what activity is truly actionable.
Another part of visibility is the classification of data. For privacy regulation compliance, you must have a consistent and scalable way to discover and catalog sensitive data, like employee data or consumer data, and make it ready for responding to subject rights requests. Inability to do this could result in consequences due to not complying with privacy regulations.
The good news is most organizations can achieve these imperatives with minimal disruption and within their existing budgets. The attacks are going to come. Whether they succeed or not depends on the tools and solutions you have to thwart them and prevent data breaches.
Imperva can help. Contact us to find out more.
The post Top five insights from the 2021 CyberEdge Cyberthreat Defense Report appeared first on Blog.