When thinking about network security today, you need to think beyond “network.” Most organizations manage a multitude of cloud services – sometimes essential to the organization and often part of shadow IT use cases. A recently commissioned white paper from Osterman Research, New Methods for Solving Phishing, Business Email Compromise, Account Takeovers and Other Security Threats, found that nearly 1,200 cloud services are in play in the typical large enterprise and that most of these are not “enterprise-ready.”
In addition, there are a significant number of mobile devices in use by employees that can access corporate networks and sensitive information, and most of these devices are loaded with apps, many of which are vulnerable and capable of compromise.
Bottom line… today’s attack surface is vast and goes well beyond the four walls of your organization. In their survey of security-focused professionals, Osterman came away with some key insights worth sharing.
- 81% of organizations have reported being the victim of some type of data breach, targeted email attack, successful phishing attack or other security incident during the previous 12 months. This is a substantial number and grounds for serious concern for most of the people and organizations that operate with a “chances are it won’t happen to me” mentality.
- While security decision makers and influencers are concerned about a wide range of issues, successful phishing attempts, employees unable to recognize phishing and social engineering attacks, and zero-day exploits concern them the most. And they should. The Verizon Data Breach Investigations Report concluded that phishing is represented in 93 percent of breaches, making it a necessary priority for security teams.
- The security skills gap is also a top-of-mind concern for security decision makers and influencers. 38% believe that the security skills shortage is a “definite” problem for their organization, and another 30% consider it to be a “very serious” problem. The shortage may be the result of the growing challenges that security operations centers (SOCs) seem to be facing. According to a Ponemon Institute study, 65% of SOC analysts have considered changing careers or quitting their jobs. More can be found on these SOC challenges in this earlier post we published – The Current Challenges SOCs Face and How to Help.
- There’s a growing disconnect between the security tools that are currently in place and the security tools professionals would like to have in place. Research showed that teams would like to have more cloud-based tools, and they would like a much greater use of artificial intelligence (AI) and machine learning (ML). Our SEER technology leverages these in delivering real-time threat protection.
- Many of those who influence and make security decisions are not confident in their organization’s ability to thwart a wide range of security problems. In fact, 29% do not believe they are “doing well” at protecting end users from ransomware and 33% do not believe they are “doing well” at protecting end users from malware.
- 28% of the organizations in the survey do not have the ability to identify which email account has been compromised once a threat has been discovered.
- Security awareness training is an essential element to bolster the security infrastructure, something that the majority tend to agree with. That said, humans are the weak link in the security chain. A holistic security approach is essential. Be sure to check out our blog 8 ‘Must-Haves’ that Today’s Security Policies Need to Include.
As part of a holistic threat prevention solution, organizations need strong policies. They also need to get out in front of phishing threats and bad actors. SlashNext Real-Time Phishing Threat Intelligence definitively detects phishing sites with virtual browsers and state-of-the-art machine learning algorithms, producing a dynamic threat intelligence feed for automated, real-time blocking by your URL filtering and blocking defenses. It’s a whole new level of protection from the growing number of sophisticated zero-hour phishing threats on the web.
BONUS reading… check out 10 Steps Every Organization Should Take to Improve Cybersecurity.