logo
 
  1. IT-Security >
  2. Cyber Security Nachrichten >
  3. The Security Spending Paradox


ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

The Security Spending Paradox


IT Security Nachrichten vom | Direktlink: feedproxy.google.com Nachrichten Bewertung

A Zero Trust Security Model Allows Organizations to Align Their Security Investments With What Works Best

In a few weeks, security professionals from all around the world will descend on San Francisco for RSA Conference 2018 to discuss new approaches to information security and how to prevent being victimized by cyber-attacks. As always, the expo halls will be filled with the latest technologies, ranging from Artificial Intelligence, Container Security, Threat Intelligence, and Threat Hunting to Next-Gen Endpoint Security. But are these emerging technologies providing the effectiveness that is needed to defend against today’s dynamic cyber threats?

According to Gartner, worldwide security spending will reach $96 billion in 2018, up 8% from the 2017 spend of $89 billion. This statistic confirms that organization are incorporating emerging technologies in their existing security stack to minimize their cyber risk exposure. Meanwhile we’re experiencing a continuous increase in security incidents. Are these security investments paying dividends? 

The security spending paradox is reflected in several recent research studies. For example, a Dow Jones Customer Intelligence study finds that 62 percent of CEOs believe malware is the biggest threat to their organization. In another report, the  2018 Scalar Security Study, respondents rate Network Security (61%) or Traditional Endpoint Protection (49%) of higher (perceived) effectiveness than identity assurance and access controls (18%). Similar results were published by 451 Research in the 2018 Thales Data Threat Report, where network security (83%) and endpoint security (70%) scored highest in perceived effectiveness. These incongruent findings illustrate a lack of consensus in the industry on which attack vectors pose the biggest risk to organizations and the “identity crisis” in security. 

Many organizations don’t realize the impact that identity and access management has when it comes to minimizing the risk of suffering a data breach. A post-mortem analysis of the top data breaches in 2017, reveals that compromised identity was the primary vector in these cyber-attacks. As a matter of fact, a whopping 81% of hacking-related breaches leverage either stolen, default, or weak passwords.

In this context, organizations need to recognize that perimeter-based security, which focuses on securing endpoints and networks, provides no protection against identity and credential-based threats. Until we start implementing identity-centric security measures, account compromise attacks will continue to provide a perfect camouflage for data breaches. 

Still not convinced? Let’s look at some of the vulnerabilities that could be avoided by implementing identity-centric security measures:

● Insecure and publicly kept passwords;

● Using the same password across different applications and resources;

● One shared password for an entire group (e.g., admins), saved in a central location;

● Reliance on passwords rather than multiple factors (e.g., one-time password tokens, soft tokens, biometrics); and

● Over privileged user accounts being exploited.

Instead of following the traditional approach of “trust, but verify”, organizations should shift instead to a Zero Trust Security model, which assumes that users inside a network are no more trustworthy than those outside the network. The four main pillars of the Zero Trust Security model are: 

● Verify the User: Evaluate the security posture of a user based on location, device, and behavior to determine that users are who they say they are. Take the appropriate actions (i.e., multi-factor authentication) to assure user authenticity.

● Verify their Device: Whether it’s a corporate owned, BYOD, or public desktop, laptop, or mobile device, enforce access policies based on the device identity and security posture. Only allow access to the organization’s resources from trusted endpoints.

● Limit Access and Privilege: If the user and device are verified, a least privilege, role-based access model is enforced at the resource, limiting access to what each user requires for their job, while granting just-in-time access to specific applications and infrastructure for a limited timeframe.

● Learn and Adapt: Information is constantly being generated from various sources (from the user, their devices, and all activities related to them). Leverage machine learning to set contextual access policies, as well as adjust and adapt policies automatically.

The Zero Trust Security model offers a very pragmatic blueprint for implementing identity and access management-based strategies to secure applications, devices, data, and infrastructure – both on-premise and in the cloud. Since Zero Trust is not an all-or-nothing approach, it can be implemented in different phases, over time. Using this model, organizations can finally align their security investments with what works best for protecting their business against data breaches.

view counter
Torsten George is strategic advisory board member at vulnerability risk management software vendor, NopSec. Torsten has more than 20 years of global information security experience. He is a frequent speaker on cyber security and risk management strategies worldwide and regularly provides commentary and byline articles for media outlets, covering topics such as data breaches, incident response best practices, and cyber security strategies. Torsten has held executive level positions with RiskSense, RiskVision (formerly Agiliance), ActivIdentity (acquired by HID® Global, an ASSA ABLOY™ Group brand), Digital Link, and Everdream Corporation (acquired by Dell). He holds a Doctorate in Economics and a Diplom-Kaufmann degree.
...

http://feedproxy.google.com/~r/Securityweek/~3/7e-JxGBXtSw/security-spending-paradox

Externe Webseite mit kompletten Inhalt öffnen

Kommentiere zu The Security Spending Paradox






➤ Ähnliche Beiträge

  • 1.

    The Security Spending Paradox

    vom 121.29 Punkte ic_school_black_18dp
    A Zero Trust Security Model Allows Organizations to Align Their Security Investments With What Works Best In a few weeks, security professionals from all around the world will descend on San Francisco for RSA Conference 2018 to discuss new approaches
  • 2.

    The Security Spending Paradox

    vom 121.29 Punkte ic_school_black_18dp
    A Zero Trust Security Model Allows Organizations to Align Their Security Investments With What Works Best In a few weeks, security professionals from all around the world will descend on San Francisco for RSA Conference 2018 to discuss new approaches
  • 3.

    USN-3415-1: tcpdump vulnerabilities

    vom 106.38 Punkte ic_school_black_18dp
    Ubuntu Security Notice USN-3415-1 13th September, 2017 tcpdump vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.04 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixe
  • 4.

    USN-3415-2: tcpdump vulnerabilities

    vom 106.38 Punkte ic_school_black_18dp
    Ubuntu Security Notice USN-3415-2 13th September, 2017 tcpdump vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary Several security issues were fixed in tcpdump Software description tcpdump
  • 5.

    Solve the IoT security paradox to unleash innovation

    vom 76.93 Punkte ic_school_black_18dp
    This blog is the second in a series highlighting our newest research, IoT Signals. Each week will feature a new top-of-mind topic to provide insights into the current state of IoT adoption across industries, how business leaders can develop their ow
  • 6.

    The August 2019 Security Update Review

    vom 65.55 Punkte ic_school_black_18dp
    August is here and it brings with it the scheduled security patches from Microsoft and Adobe. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month.   Adobe Patches for August 2019 Adobe relea
  • 7.

    USN-3131-1: ImageMagick vulnerabilities

    vom 62.1 Punkte ic_school_black_18dp
    Ubuntu Security Notice USN-3131-1 21st November, 2016 imagemagick vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Several sec
  • 8.

    The June 2019 Security Update Review

    vom 62.1 Punkte ic_school_black_18dp
    June has arrived and so have the scheduled security patches from Microsoft and Adobe. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month. Adobe Patches for June 2019 This month, A
  • 9.

    The Silicon Valley Paradox: One In Four People Are At Risk of Hunger

    vom 61.23 Punkte ic_school_black_18dp
    Zorro shares a report from The Guardian: One in four people in Silicon Valley are at risk of hunger, researchers at the Second Harvest food bank have found. Using hundreds of community interviews and data modeling, a new study suggests that 26.8% of the
  • 10.

    The February 2019 Security Update Review

    vom 58.65 Punkte ic_school_black_18dp
    February is here and with it comes the latest in security offerings from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month. Adobe Patches for February 2019
  • 11.

    The February 2019 Security Update Review

    vom 58.65 Punkte ic_school_black_18dp
    February is here and with it comes the latest in security offerings from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month. Adobe Patches for February 2019
  • 12.

    Hyperscale Data Center Spending Hits Record $31B In Q3

    vom 57.52 Punkte ic_school_black_18dp
    The fastest-growing data center market segment returned to growth mode in the third quarter of 2019, with global hyperscale capex spending exceeding $31 billion, up 8 percent year over year. From a report: The $31 billion is the second-highest spending