webinar:hidden threatsand the 2017 cyber threat

defense report

About The Cyberthreat Defense Report

❑ 27-question online survey conducted in Nov 2016▪IT security decision maker or practitioner▪Employed by organization with at least

500 employees❑ Survey designed to assess:▪Organization’s security posture▪Perceptions of cyberthreats and security

defenses▪Current and future IT security investments▪IT security practices and strategies

2

Survey Demographics

3Respondents by employee countRespondents by country

1,100 respondents | 15 countries | 19 industries

Steadily Rising Cyberattacks

4

79% were affected by a successful cyberattack in 2016…

Percentage compromised at least onceFrequency of successful attacks

Cyberthreat Migraines

5

Malware and spear-phishing are always top of mind. Overall concern is rising!

Overall concern for cyberthreats is rising!

Feeling Ransomware’s Pain

6

Data loss and productivity loss are of greatest concern. Losing revenue isn’t.

Responding to Ransomware

Percentage affected by ransomware in 2016

61% of organizations affected by ransomware globally. Thankfully, most (54%) recovered their data without paying the ransom.

Room for Improving Office 365 Security

8

Only 1 in 3 is truly confident with Microsoft’s available Office 365 protections, opening the door to third-party solutions.

Biggest Obstacles to “Being Secure”

“Low security awareness among employees” is the biggest obstacle for the fourth consecutive year. When will the industry take notice?

App and Data Security Deployment Plans

10

App security testing, app vulnerability scanning, and deception technology are most sought after in 2017.

Threat Intelligence Practices

Blocking more threats remains the dominant use case for threat intelligence services.

CASB Deployment Use Cases

12

Preventing unwanted data disclosures remains the number one use case for deploying CASB technology.

Overcoming the IT Security Skills Shortage

13

Nine out of 10 organizations are affected by the skills shortage. Most (51%) are leveraging external vendors and contractors.

Percentage affected by the IT security skills shortage, by industry

Key Take-Aways

❑ Successful cyber attacks are rising!▪79% affected in 2017 vs. 62% in 2014

❑ Malware is the biggest headache for IT security teams▪Followed by phishing and insider threats

❑ Ransomware is a significant issue▪61% of organizations affected▪One-third paid the ransom▪More than 13% lost their data

❑ CASBs are among the top investments planned for 2017▪Address a growing area of concern▪Rich feature set provides a lot of coverage/capabilities

14

poll: what are your top

cloud security concerns?

the traditional approach to

security is inadequate

enterprise(CASB)

end-user devicesvisibility & analytics

data protectionidentity & access control

applicationstorageserversnetwork

how does the solution differ from security built into cloud apps?

app vendor

does the solution protect cloud data end-to-end?

■ Cloud data doesn’t exist only “in the cloud”

■ A complete solution must provide visibility and control over data in the cloud

■ Solution must also protect data on end-user devices

■ Leverage contextual access controls

can the solution control access from both managed & unmanaged devices?

reverse proxy■ unmanaged devices - any device, anywhere■ no software to install/configure

forward proxy■ managed devices - inline control for installed

apps■ agent and certificate based approaches

activesync proxy■ secure email, calendar, etc on any mobile

device■ no software to install/configure■ device level security - wipe, encryption, PIN

etc

does the solution provide real-time visibility and control?

■ Apply granular DLP to data-at-rest and upon access

■ Context-awareness should distinguish between users, managed and unmanaged devices, and more

■ Flexible policy actions (DRM, quarantine, remove share, etc) required to mitigate overall risk

does the solution protect against unauthorized access?

■ Cloud app identity management should maintain the best practices of on-prem identity

■ Cross-app visibility into suspicious access activity with actions like step-up multifactor authentication

secure office 365 + byod

client:

■ 35,000 employees globally

challenge: ■ Inadequate native O365 security■ Controlled access from any device■ Limit external sharing■ Interoperable with existing

infrastructure, e.g. Bluecoat, ADFS

solution: ■ Real-time data visibility and control ■ DLP policy enforcement at upload

or download■ Quarantine externally-shared

sensitive files in cloud ■ Controlled unmanaged device

access■ Shadow IT & Breach discovery

fortune 50 healthcar

efirm

client:

■ 15,000 employees in 190+ locations globally

challenge:

■ Mitigate risks of Google Apps adoption

■ Prevent sensitive data from being stored in the cloud

■ Limit data access based on device risk level

■ Govern external sharing

solution:

■ Inline data protection for unmanaged devices/BYOD

■ Bidirectional DLP

■ Real-time sharing control

secure google apps +

byod

business data

giant

about bitglass

total data

protection est. jan

2013

100+ custome

rs

tier 1 VCs

resources:more info about cloud security

■ whitepaper: the definitive guide to CASBs

■ report: cyberthreat defense

■ case study: fortune 100 healthcare firm secure O365

bitglass.com@bitglass