7 Research Insights to Help Inform Your Approach to Network Security

When thinking about network security today you need to
think beyond “network.” Most organizations manage a multitude of cloud services
– sometimes essential to the organization and often part of shadow IT use
cases. In a recently commissioned white paper from Osterman Research – New Methods for Solving Phishing, Business
Email Compromise, Account Takeovers and Other Security Threats

– they found that there are nearly 1,200 cloud services in play in the typical
large enterprise and most of these are not “enterprise-ready.”

In addition, there are a significant number of mobile
devices in use by employees that can access corporate networks and sensitive
information, and most of these devices are loaded with apps, many of which are
vulnerable and capable of compromise.

Bottom line… today’s attack surface is vast and goes well
beyond the four walls of your organization. In their survey of security-focused
professionals, Osterman came away with some key insights worth sharing.

  1. 81%
    of organizations have reported being the victim of some type of data breach,
    targeted email attack, successful phishing attack or other security incident
    during the previous 12 months. This is a substantial number and grounds for
    serious concern for most of the people and organizations that operate with a “chances
    are it won’t happen to me” mentality.
  2. While
    security decision makers and influencers are concerned about a wide range of
    issues, successful phishing attempts, employees unable to recognize phishing
    and social engineering attacks, and zero-day exploits concern them the most. And
    they should. The Verizon Data Breach Investigations Report concluded that phishing
    is represented in 93 percent of breaches, making it a necessary priority for
    security teams.
  3. The
    security skills gap is also a top-of-mind concern for security decision makers
    and influencers. 38% believe that the security skills shortage is a “definite”
    problem for their organization, and another 30% consider it to be a “very
    serious” problem. The shortage may be the result of the growing challenges that
    security operations centers (SOCs) seem to be facing. According to a Ponemon
    Institute study
    , 65% of SOC analysts have considered changing
    careers or quitting their jobs. More can be found on these SOC challenges in
    this earlier post we published – The
    Current Challenges SOCs Face and How to Help
  4. There’s
    a growing disconnect between the security tools that are currently in place and
    the security tools professionals would like to have in place. Research showed
    that teams would like to have more cloud-based tools, and they would like a
    much greater use of artificial intelligence (AI) and machine learning (ML). Our
    leverages these in delivering real-time threat
  5. Many
    of those who influence and make security decisions are not confident in their
    organization’s ability to thwart a wide range of security problems. In fact,
    29% do not believe they are “doing well” at protecting end users from
    ransomware and 33% do not believe they are “doing well” at protecting end users
    from malware.
  6. 28%
    of the organizations in the survey do not have the ability to identify which
    email account has been compromised once a threat has been discovered.
  7. Security
    awareness training is an essential element to bolster the security
    infrastructure, something that the majority tend to agree with. That said,
    humans are the weak link in the security chain. A holistic security approach is
    essential. Be sure to check out our blog 8
    ‘Must-Haves’ that Today’s Security Policies Need to Include

As part of a holistic threat prevention solution,
organizations need strong policies. They also need to get out in front of
phishing threats and bad actors. SlashNext
Real-Time Phishing Threat Intelligence
definitively detects phishing
sites with virtual browsers and state-of-the-art machine learning algorithms,
producing a dynamic threat intelligence feed for automated blocking by your URL
filtration / blocking defenses in real-time. It’s a whole new level of
protection from the growing number of sophisticated zero-hour phishing threats
on the web.

BONUS reading… check out 10
Steps Every Organization Should Take to Improve Cybersecurity

*** This is a Security Bloggers Network syndicated blog from SlashNext authored by sln_admin. Read the original post at: