7 Research Insights to Help Inform Your Approach to Network Security

When thinking about network security today you need to
think beyond “network.” Most organizations manage a multitude of cloud services
– sometimes essential to the organization and often part of shadow IT use
cases. In a recently commissioned white paper from Osterman Research – New Methods for Solving Phishing, Business
Email Compromise, Account Takeovers and Other Security Threats
– they found that there are nearly 1,200 cloud services in play in the typical
large enterprise and most of these are not “enterprise-ready.”

In addition, there are a significant number of mobile
devices in use by employees that can access corporate networks and sensitive
information, and most of these devices are loaded with apps, many of which are
vulnerable and capable of compromise.

Bottom line… today’s attack surface is vast and goes well
beyond the four walls of your organization. In their survey of security-focused
professionals, Osterman came away with some key insights worth sharing.

1. 81%
   of organizations have reported being the victim of some type of data breach,
   targeted email attack, successful phishing attack or other security incident
   during the previous 12 months. This is a substantial number and grounds for
   serious concern for most of the people and organizations that operate with a “chances
   are it won’t happen to me” mentality.
2. While
   security decision makers and influencers are concerned about a wide range of
   issues, successful phishing attempts, employees unable to recognize phishing
   and social engineering attacks, and zero-day exploits concern them the most. And
   they should. The Verizon Data Breach Investigations Report concluded that phishing
   is represented in 93 percent of breaches, making it a necessary priority for
   security teams.
3. The
   security skills gap is also a top-of-mind concern for security decision makers
   and influencers. 38% believe that the security skills shortage is a “definite”
   problem for their organization, and another 30% consider it to be a “very
   serious” problem. The shortage may be the result of the growing challenges that
   security operations centers (SOCs) seem to be facing. According to a Ponemon
   Institute study, 65% of SOC analysts have considered changing
   careers or quitting their jobs. More can be found on these SOC challenges in
   this earlier post we published – The
   Current Challenges SOCs Face and How to Help.
4. There’s
   a growing disconnect between the security tools that are currently in place and
   the security tools professionals would like to have in place. Research showed
   that teams would like to have more cloud-based tools, and they would like a
   much greater use of artificial intelligence (AI) and machine learning (ML). Our
   SEER
   technology leverages these in delivering real-time threat
   protection.
5. Many
   of those who influence and make security decisions are not confident in their
   organization’s ability to thwart a wide range of security problems. In fact,
   29% do not believe they are “doing well” at protecting end users from
   ransomware and 33% do not believe they are “doing well” at protecting end users
   from malware.
6. 28%
   of the organizations in the survey do not have the ability to identify which
   email account has been compromised once a threat has been discovered.
7. Security
   awareness training is an essential element to bolster the security
   infrastructure, something that the majority tend to agree with. That said,
   humans are the weak link in the security chain. A holistic security approach is
   essential. Be sure to check out our blog 8
   ‘Must-Haves’ that Today’s Security Policies Need to Include.

As part of a holistic threat prevention solution,
organizations need strong policies. They also need to get out in front of
phishing threats and bad actors. SlashNext
Real-Time Phishing Threat Intelligence definitively detects phishing
sites with virtual browsers and state-of-the-art machine learning algorithms,
producing a dynamic threat intelligence feed for automated blocking by your URL
filtration / blocking defenses in real-time. It’s a whole new level of
protection from the growing number of sophisticated zero-hour phishing threats
on the web.

BONUS reading… check out 10
Steps Every Organization Should Take to Improve Cybersecurity.

Recent Articles By Author

• Characteristics and Challenges of Advanced Persistent Threats (APTs)
• What Does Your Current Security Infrastructure Look Like?
• C-Level Security Compliance – The Need for Communication and Automation

More from sln_admin

*** This is a Security Bloggers Network syndicated blog from SlashNext authored by sln_admin. Read the original post at: https://www.slashnext.com/blog/7-research-insights-to-help-inform-your-approach-to-network-security/