Huge growth in attack surface driving global data breaches, Thales Threat Report

Huge growth in attack surface driving global data breaches, Thales Threat Report

The rush to embrace new environments has created more attack surfaces and new risks for data that need to be offset by data security controls.

Thales, a vendor in critical information systems, cybersecurity and data security, announced the results of its 2018 Thales Data Threat Report, Global Edition, issued in conjunction with analyst firm 451 Research. The report finds digitally transformative technologies are shaping the way organisations do business and moving them to a data-driven world, with 94% of organisations using sensitive data in cloud, big data, IoT, container, blockchain and mobile environments.

Digital transformation is driving efficiency and scale as well as making possible new business models that drive growth and profitability. Enterprises are embracing this opportunity by leveraging all that digital technology offers, with adoption at record levels:

  • 42% of organisations use more than 50 SaaS applications
  • 57% use three or more IaaS vendors
  • 53% use three or more PaaS environments
  • 99% are using big data
  • 94% are implementing IoT technologies
  • 91% are working on or using mobile payments

This rush to embrace new environments has created more attack surfaces and new risks for data that need to be offset by data security controls. The extent and impact of increased threats is most clearly shown in levels of data breaches and vulnerability:

  • In 2018, 67% of respondents were breached, with 36% breached in the last year – a marked increase from 2017, which saw 26% breached in the last year
  • Consequently, 44% of respondents feel very or extremely vulnerable to data threats

While times have changed with respect to technological advancements, security strategies have not– in large part because spending realities do not match up with what works best to protect data:

  • 77% of respondents cite data-at-rest security solutions as being most effective at preventing breaches, with network security 75% and data-in-motion 75% following close behind
  • Despite this, 57% of respondents are spending the most on endpoint and mobile security technologies, followed by analysis and correlation tools 50%

When it comes to protecting data, the gap between perception and reality is apparent, with data-at-rest security solutions coming in at the bottom 40% of IT security spending priorities. This disconnect is also reflected in organisation’s attitude towards encryption, a key technology with a proven track record of protecting data.

While spending decisions do not reflect its popularity, respondents still express a strong interest in deploying encryption technologies:

  • 44% cite encryption as the top tool for increased cloud usage
  • 35% believe encryption is necessary to drive big data adoption –
  • Only three points behind the top perceived driver, identity technologies 38%, and one point behind the second improved monitoring and reporting tools, at 36%
  • 48% cite encryption as the top tool for protecting IoT deployments, and 41% as the top tool for protecting container deployments

In addition, encryption technologies top the list of desired data security purchases in the next year, with 44% citing tokenisation capabilities as the number one priority, followed by encryption with bring your own key capabilities. Encryption is also cited as the top tool 42% for meeting new privacy requirements such as the European Union General Data Protection Regulation.

Garrett Bekker, Principal Security Analyst, Information Security at 451 Research and author of the report says: “This year we found that organisations are dealing with massive change as a result of digital transformation, but this change is creating new attack surfaces and new risks that need to be offset by data security controls.”

“But while times have changed, security strategies have not – security spending increases that focus on the data itself are at the bottom of IT security spending priorities, leaving customer data, financial information and intellectual property severely at risk. If security strategies are not equally as dynamic in this fast-changing threat environment, the rate of breaches will continue to increase.”

Peter Galvin, Chief Strategy Officer, Thales eSecurity says: “From cloud computing, to mobile devices, digital payments and emerging IoT applications, organisations are re-shaping how they do business – and this digital transformation is reliant on data. As is borne out by our 2018 Data Threat Report, we are now at the point where we have to admit that data breaches are the new reality, with over a third of organisations suffering a breach in the past year. In this increasingly data-driven world it is therefore hugely important to take steps to protect that data wherever it is created, shared or stored.”

To offset the data breach trend and take advantage of new technologies and innovations, at minimum organisations should adhere to the following practices:

  • Leverage encryption and access controls as a primary defense for data and consider an “encrypt everything” strategy
  • Select data security platform offerings that address multiple use cases to reduce complexity and costs
  • Implement security analytics and multi-factor authentication solutions to help identify threatening patterns of data use

Browse our latest issue

Intelligent Tech Channels

View Magazine Archive