Especially if you work in U.S. IT Security, it's often the case that people will think about the environment of attacks, threats, controls and defenses in a pretty insular manner - assuming that what's true in the U.S. is also true around the world. But it's time we lost that attitude - especially if you work in a global organization.
Our recent Global Edition of the 2017 Thales Data Threat Report (register to download the report here) contains data from around the world in major technology markets, and we found some real differences in what people are doing in these global enterprises. To set the stage, here's some demographic data:
- Only IT Security Pros were surveyed
- All organizations surveyed had more than $250M in sales or more in the U.S. or $150M outside the U.S.
- 73% overall were over $500M in sales annually
- 48% were over $1B sales annually
First up is the level of vulnerability
There are really a few things you'll want to look at here - the overall level of vulnerability, the levels of "very or extremely" vulnerable, and then who's had the biggest change in the last year.
Overall, Brazil at 77% feeling vulnerable overall was at the low end, and Germany with 95% vulnerability on the top end closely followed by Australia at 81%. But this doesn't tell the whole story.
When you look deeper at organizations that feel "Very or Extremely" vulnerable the pattern duplicates, but the numbers become more ominous. Brazil has the low end again for very/extremely vulnerable at 19%, but nearly half in Germany (45%) and Australia (49%) feel very or extremely vulnerable. Clearly these organization feel like they have a target painted on their backs, with people highly likely to attempt to steal sensitive information.
Perhaps there are good reasons for this - Germany has a high concentration in intellectual property, and some of the most restrictive privacy laws in place around the world today. Australia seems to be a different case. We surveyed Australia first in 2014, and at that time they had the lowest levels we measured only 25% felt vulnerable overall with 6% extremely vulnerable - what a change to this year when 91% are feeling vulnerable and 49%, the highest level we've measured, very or extremely vulnerable. Clearly the threat environment has changed.
Last for vulnerability levels - let's look at the biggest year over year change. That's for Mexico with very or extremely vulnerable now 31%, up from just 10% last year.
Next Who's Protecting Their Data Best
Let's posit that attacks do vary by nation and language - With those targeting Japan for instance, needing a real capability to master the language and three character sets used there (Katakana, Hiragana and Kanji). This may raise the bar, limiting attacks to those with the resources to understand and use data in the local language, and would seem to put English speaking nations at the greatest risk - as English is the present language of business in most of the world.
Also, criminals are clearly going to "Follow the Money" and look for opportunities that will get them the best return - putting nations with a concentration of global enterprises more at risk than elsewhere.
There's really no way for us to currently gauge these factors, but we can look at evidence that indicates the percentage of enterprises that experience data related incidents and breaches. We asked the IT security pros that we polled questions about data breaches, as well as about compliance failures around data security. Perhaps the most telling of the results is how many organizations in each area had neither a breach nor a compliance failure around data.
Which nations seemed to be doing the best job by that criteria? Japan (52% no incidents) and the U.K. (50% no incidents). And worst - Mexico (12% no incidents) and Brazil (13% no incidents).
Think back for a minute to the stats above on vulnerability - Brazil was one of the countries that felt least vulnerable, but seems to be doing much less well than others at protecting data, while Germany, who feels very threatened according to our results, has a middle of the pack performance in actually keeping their data safe.
If you'd like more detail, please follow the link, register and download the report here.