This week, we published A Quick Guide to Cyber Security Trends, in which we’ve captured our top findings about key vulnerabilities, threats, the leading causes of data leakage and more. This blog summarises the last five of those findings.
To find out about the first six findings, please read A Quick Guide to Cyber Security Trends – part 1.
7. Shadow IT is a threat to security
SkyHigh reports that company personnel are increasingly introducing new risks with workarounds for legacy IT solutions. Unaddressed shadow IT presents a serious risk to businesses. Each additional unsanctioned device or application increases the risk surface and increases the likelihood of information mismanagement
8. Using the Cloud expands an organisation’s security perimeter
Security professionals who participated in Cisco’s third annual Security Capabilities Benchmark Study cited mobile devices, public Cloud, Cloud infrastructure and user behaviour as top sources of concern when they think about their organisation’s risk of exposure to a cyber attack. This is understandable. The proliferation of mobile devices creates more endpoints to protect. The Cloud is expanding the security perimeter. And users are, and always will be, a weak link in the security chain.
9. The supply chain represents a risk to cyber security
Despite a majority of enterprises either currently vetting or planning to vet ecosystem partners for cyber security capabilities, third-party vendors’ lack of cyber security is still a cause for concern. According to Soha System’s survey on third-party risk management, 63% of breaches can be traced to third-party vendors.
10. Budgets are the biggest obstacle to security
Budget constraints are the biggest obstacle to adopting advanced security processes and technology, followed by compatibility issues (dealing with disconnected systems that don’t integrate), certification requirements and lack of trained personnel (Cisco 2017 Annual Cyber Security Report).
11. Security professionals are forced to ignore security alerts
According to Cisco, 54% of legitimate alerts are not remediated. We can speculate that a lack of tools or resources is the main reason security professionals cannot respond to half the security alerts they receive. Automation can help security professionals free up resources and remove the burden of detection and investigation.
An expanding attack surface requires an integrated approach
Defenders must take a more proactive stance to stay ahead of attackers’ basic attack tactics. They should develop and implement an integrated approach which considers people, processes and technology.