Breaches Drive Security Strategy in Organizations

According to figures derived from the Annual Global Advanced Threat Landscape Survey carried out by Americas at CyberArk, data breaches seem to be driving the security strategy in organizations. Interviewing a sample of 373 IT security executives and other senior management from North America, Europe and Asia-Pacific participated in this survey, in which 70 percent of the respondents believe that NSA leaks by Edward Snowden and the recent Point-of-Sale breaches have had a huge impact on their business security strategies. Hence breaches are clearly driving the strategy for security in organizations, some of which are even making more room for security in their budget.

Adam Bosnian, Executive Vice President of the Americas at CyberArk is of the opinion that making room for more security budget earlier was the reaction from companies that were breached. But now, organizations are proactively formulating security strategies to avoid being breached. This is certainly a positive shift, which is likely to bring down the possibility of breaches in the future.

In a nutshell, the survey respondents believe that,

52%	Attackers are already present on their network / present at least during the past year.
44%	Privileged Account takeover most difficult to detect, respond, and remediate.
29%	Difficult to detect during malware implementation stage.
58%	Not confident if the vendors are actually securing or monitoring privileged access to their network.
21%	Believe that regulatory compliance has major impact on security strategy.

While data breaches are often attributed to attacks from outside the organization, the survey also revealed that 52 percent respondents believe attackers are already present on their network or have been present at least during the past year. This belief supports the idea of insider attacks, which is a growing threat to organizations today.

It is noteworthy that 44 percent respondents believe that attacks reaching the privileged account (a shared accountdesigned for making work easier)takeover stage are the most difficult to detect, respond to, and remediate. But 29 percent respondents believe that it is at the malware implementation stage that attacks become difficult to detect.

Another disturbing fact is that 60 percent of the survey respondents have indicated that their businesses allow vendors to access internal networks and out of these, 58 percent respondents do not have the confidence that these vendors are actually securing or monitoring privileged access to their network. This is becoming a big concern across businesses.

Who is responsible for security?

Most companies may believe that the third-party vendor is the one who has to secure access to its network. But according to experts including Bosnian, it is the responsibility of the company to make sure that their network is completely secured.

What are the other trends shaping security strategies in organizations?

About 30 percent respondents believe that Bring Your Own Device (BYOD) has a major impact. Likewise, 26 percent said cloud computing drives strategic decisions about security, and 21 percent believe that regulatory compliance has a big impact on the security strategy.

The survey also indicated that 31 percent businesses have already deployed security analytics in some form, 23 percent are planning to or in the process of doing so within the next year, and 33 percent indicated they have no plans for introducing security analytics in their business.

However, experts including Bosnian believe that the industry is moving in a healthier direction than it was a few years ago. The fact that organizations are proactively taking measures to prevent security breaches is undoubtedly a welcome change. These organizations can successfully achieve their objective by implementing comprehensive security solutions such as Aegify Security Posture Management, Aegify SecureGRC or Aegify Risk Management that can dramatically simplify security initiatives and help build a completely safe and secure business network.