7 Research Insights to Help Inform Your Approach to Network Security
When thinking about network security today you need to
think beyond “network.” Most organizations manage a multitude of cloud services
– sometimes essential to the organization and often part of shadow IT use
cases. In a recently commissioned white paper from Osterman Research – New Methods for Solving Phishing, Business
Email Compromise, Account Takeovers and Other Security Threats
– they found that there are nearly 1,200 cloud services in play in the typical
large enterprise and most of these are not “enterprise-ready.”
In addition, there are a significant number of mobile
devices in use by employees that can access corporate networks and sensitive
information, and most of these devices are loaded with apps, many of which are
vulnerable and capable of compromise.
Bottom line… today’s attack surface is vast and goes well
beyond the four walls of your organization. In their survey of security-focused
professionals, Osterman came away with some key insights worth sharing.
- 81%
of organizations have reported being the victim of some type of data breach,
targeted email attack, successful phishing attack or other security incident
during the previous 12 months. This is a substantial number and grounds for
serious concern for most of the people and organizations that operate with a “chances
are it won’t happen to me” mentality. - While
security decision makers and influencers are concerned about a wide range of
issues, successful phishing attempts, employees unable to recognize phishing
and social engineering attacks, and zero-day exploits concern them the most. And
they should. The Verizon Data Breach Investigations Report concluded that phishing
is represented in 93 percent of breaches, making it a necessary priority for
security teams. - The
security skills gap is also a top-of-mind concern for security decision makers
and influencers. 38% believe that the security skills shortage is a “definite”
problem for their organization, and another 30% consider it to be a “very
serious” problem. The shortage may be the result of the growing challenges that
security operations centers (SOCs) seem to be facing. According to a Ponemon
Institute study, 65% of SOC analysts have considered changing
careers or quitting their jobs. More can be found on these SOC challenges in
this earlier post we published – The
Current Challenges SOCs Face and How to Help. - There’s
a growing disconnect between the security tools that are currently in place and
the security tools professionals would like to have in place. Research showed
that teams would like to have more cloud-based tools, and they would like a
much greater use of artificial intelligence (AI) and machine learning (ML). Our
SEER
technology leverages these in delivering real-time threat
protection. - Many
of those who influence and make security decisions are not confident in their
organization’s ability to thwart a wide range of security problems. In fact,
29% do not believe they are “doing well” at protecting end users from
ransomware and 33% do not believe they are “doing well” at protecting end users
from malware. - 28%
of the organizations in the survey do not have the ability to identify which
email account has been compromised once a threat has been discovered. - Security
awareness training is an essential element to bolster the security
infrastructure, something that the majority tend to agree with. That said,
humans are the weak link in the security chain. A holistic security approach is
essential. Be sure to check out our blog 8
‘Must-Haves’ that Today’s Security Policies Need to Include.
As part of a holistic threat prevention solution,
organizations need strong policies. They also need to get out in front of
phishing threats and bad actors. SlashNext
Real-Time Phishing Threat Intelligence definitively detects phishing
sites with virtual browsers and state-of-the-art machine learning algorithms,
producing a dynamic threat intelligence feed for automated blocking by your URL
filtration / blocking defenses in real-time. It’s a whole new level of
protection from the growing number of sophisticated zero-hour phishing threats
on the web.
BONUS reading… check out 10
Steps Every Organization Should Take to Improve Cybersecurity.
*** This is a Security Bloggers Network syndicated blog from SlashNext authored by sln_admin. Read the original post at: https://www.slashnext.com/blog/7-research-insights-to-help-inform-your-approach-to-network-security/