Well, it's been quite a week for security industry research and surveys. Not only did PwC release The Global State of Information Security Survey 2013, and Verizon release the 2013 Data Breach Investigations Report, we also released the results of our own Protect What Matters — Data Security global online survey. While the rich content contained in these three information sources is too vast to cover in any single blog post, I'd like to share my thoughts and observations with you over the coming weeks on some key takeaways regarding the state of the security industry. Two takeaways I'd like to share in this blog post are: 1) the research is clear — no organization is immune from becoming the target of cyber attackers; and 2) when looking at tools to combat cybercrime — 75% of which is financially motivated — data-centric security measures are crucial.
Large organizations used to believe that their network security was sufficient to keep the barbarians at the gate. Likewise, smaller organizations felt that they weren't big enough to matter…that cyber attackers were only after the Fortune 500. Unfortunately, neither has proven to be true. Over the last 18 months, the security landscape has changed dramatically. New types of threats have emerged, and organizations of all types and sizes are being penetrated; no one is able to fly under the radar.
Now, the bigger the fish, the greater the financial rewards of a data breach, but smaller organizations with minimal security make for quick and easy targets. And, given that the vast majority of enterprises have already been penetrated, perimeter security is clearly failing in this era of sophisticated cyber attacks. Organizations are going to have to protect what matters — their sensitive data — by putting in place a data-centric security plan. This means implementing data-centric security solutions that combine protections for critical data using encryption and access controls, coupled with detailed access information that will enable a SIEM solution to identify advanced threats, compromised accounts and malicious insiders.
As Wade Baker, principal author of the Data Breach Investigations Report, so aptly put it, "We have the tools today to combat cybercrime, but it's really all about selecting the right ones and using them in the right way. In other words, understand your adversary—know their motives and methods, prepare your defenses accordingly, and always keep your guard up." I couldn't agree more.