In the game of cloud security, you win or you lose. Year over year, more organizations are under threat and losing the battle to keep data safe from malicious outsiders and careless insiders. Earlier this month, Bitglass partnered with Crowd Research Partners to survey over 400 cybersecurity professionals to uncover perceived gaps in security and drivers of insider threats. Read on to see how security perceptions have evolved.
Among the most notable findings: one in three organizations take longer than 24 hours to respond to suspected cybersecurity incidents - a long time to go without knowing data has been compromised in some way. Even more staggering, 77% of organizations expressed moderate confidence or were not at all confident in their current insider threat security posture.
Clearly, respondents are aware of the changing threat landscape and know legacy security tools are insufficient. For an organization with hundreds of employees, many are likely to share a document externally, to access sensitive data from an unmanaged laptop, or to download an email attachment that contains malware. Each of these cases can be devastating and costs can be enormous.
Other Key Findings:
- 64 percent of respondents are most concerned with inadvertent data loss.
- 55 percent believe the growing number of devices are the number one driver of insider breaches.
- Half of the respondents say regular employees (not malicious outsiders) pose the greatest security risk to the organization.
- Ransomware is a growing concern for 48 percent of respondents, buoyed by concerns around Petya and WannaCry.
Since our year-ago survey on insider threats, one trend remains constant - corporate data is moving outside the network to cloud and mobile, making these same threats and concerns more pervasive. Enterprises with limited visibility into cloud apps, user activity, and data access must address these serious blind spots for compliance and data security.
Fortunately, CASBs can mitigate the risk of sharing and storing corporate data in the cloud, the risk of BYOD access, and other threats bubbling beneath the surface in every organization.
A data-centric security solution could be the difference between winning and losing the fight.