The 2017 Thales data threat report presents the corporate view of security very well. And as any enterprise security team will tell you the report is entirely reflective of what they are having to live through.
Despite regulation threat with General Data Protection Regulation (GDPR) just around the corner, the already stringent requirements of most compliance regimes; the board still does not get it… or at least “get” security.
Spending is still way too low even though 68% of the respondents to the Thales report have suffered a breach and 30% of them agreed that there security was woefully inadequate.
Compliance is the biggest driver for security spend and the biggest concentration for the board. From that we can understand that they can see the benefit as compliance has a quantifiable return on investment – it gives them the sanction to continue business!
But if compliance is the biggest driver for security spend then why is it that this same sample of respondents believed that the greatest risks to their business were the employees? More importantly why do they believe that the privileged user accounts were the biggest risk (68% of respondents) as these are normally the people who influence the business the most and support the business most extensively. Then the next perceived risk group are executives with 44% of the respondents believing they are an issue for the company.
So in summary the executives that sanction the spend on security to meet the compliance to maintain the enterprise are probably the same people to cause the most issues!
When viewed that way then the only real answer is to ensure that you have independent assessment of security practices and estate and ensure you have services that allow the enterprise to measure their effectiveness in the maintenance of the compliance goals. At Exponential-e we are actively working with our customers to provide the protection they need on the networks they use and provide levels of independent protection that will help them meet their goals.