The theme of the 2017 RSA Conference is ‘The Power of Opportunity’ inspired by an approach to learning taken by the Zen monk Shunryu Suzuki. He said that one should pursue even the most advanced study with the mind-set of a beginner and be open to considering new possibilities.
That’s certainly a good way to approach the challenges of enterprise security. Today’s business landscape is constantly evolving, presenting new opportunities and challenges – such as the migration to public and private clouds, wider roll-out of mobility and BYOD programs, and the emergence of new cyberthreats seeking to exploit these technologies.
So, what are the threats that enterprises are currently most concerned about as their networks change and evolve? We wanted to find out what cyber security professionals felt about the impact of these changes – and threats – on their organizations’ security postures. To do this, we surveyed 1,900 IT professionals in US-based companies with 1,000 or more employees and the results of the survey are published in our 2017 Cyber Security Survey.
The survey report reveals that just 35% of the IT security professional respondents were ‘extremely confident’ or ‘very confident’ in their organization’s overall security posture – which means that nearly 65% are not overly confident in their organizations security posture. This lack of confidence was directly linked to cloud and mobile security concerns cited throughout the survey. The report also took a deeper dive into these specific areas to help understand the specific security challenges that IT professionals are facing.
Rising cloud concerns
Survey respondents said that adoption of public cloud computing in their organizations is a security worry: 81% expressed concern over public cloud usage with 49% being ‘extremely’ or ‘very concerned’. While greater efficiency and agility were reasons given for driving cloud adoption, enterprises of all sizes cited cloud security their top concern. This highlights the fact that in the cloud, organizations desire comprehensive threat prevention as well as email security, web security, application security, data protection; all the measures that organizations currently use to protect their traditional on-premise networks.
BYOD – Bring Your Own Disaster
65% of the security professionals surveyed said data loss was their main mobile security worry, followed by lost or stolen devices (61%), users downloading unsafe apps or content (59%) and unauthorized access to corporate data and systems (56%). Allowing employees to use their own devices for work purposes has many benefits but also introduces security risks. Many of these risks are similar to those experienced when securing PCs and laptops, but quickly become compounded due to the fact that BYOD devices that are always connected to the Internet, are primarily consumer grade, and are updated or replaced far more frequently. Mobile devices also comingle personal and business applications, presenting additional challenges with respect to securing and managing these devices versus corporate PCs and laptops. These challenges highlight the need for holistic, integrated solutions that can apply and enforce consistent security policies across all network endpoints, whether they are PCs, laptops or mobile devices.
Mitigating mobile threats
68% of respondents said malware protection is the key capability required for an effective mobile threat defense solution, followed by reporting and monitoring (64%) and ease of deployment (58%) close behind. PCs and laptops are different animals than smartphones and tablets. So it’s no surprise that keeping these devices protected requires a different approach than traditional network security often provides. The report data also highlighted that more visibility across mobile estates is needed in order to ensure better security.
So what is the opportunity for enterprises to improve their overall cybersecurity posture and to meet their IT and security challenges? The 2017 Cyber Security Survey highlights the security controls and technologies that IT professionals feel are most effective in securing data in cloud environments and in securing mobile estates. It also includes recommendations on how organizations can deploy architectures to deliver protection across their complex, hybrid networks and mobile devices, and how they can stay one step ahead of threats and prevent attacks impacting their networks.
If you’re attending the 2017 RSA Conference, we invite you to visit the Check Point booth S1507 to find out more about how you can improve your organization’s agility and security posture. Check Point’s cyber security experts will be running regular solution demonstrations and presentations covering advanced threat prevention, mobile threat prevention, public and private cloud security, and more.
We look forward to meeting you there and helping you to take back control of your networks with an integrated, comprehensive security infrastructure and strategy that enables you to fully realize the ‘Power of Opportunity’ for your organization.