|By Business Wire||
|February 20, 2014 03:00 AM EST||
A new generation of unknown security threats stemming from megatrends and technologies like BYOD, mobility, cloud computing, and Internet usage, as well as internal actions both accidental and malicious, introduce organizations to a multitude of new risks. According to a Dell global security survey released today, however, the majority of IT leaders around the world say they don’t view these threats as top security concerns and are not prioritizing how to find and address them across the many points of origin. In fact, when respondents were asked to look at long term priorities, only 37 percent ranked unknown threats as a top security concern in the next five years.
Epidemic threats come from all perimeters, both inside and outside of the organization, and are often hidden in poorly configured settings or permissions, and ineffective data governance, access management and usage policies. Dell’s global security survey of leading public and private sector security decision-makers gauged their awareness of, and preparedness for this new wave of threats plaguing IT security.
Some key findings include:
- 64 percent of respondents agree that organizations will need to restructure/reorganize their IT processes, and be more collaborative with other departments to stay ahead of the next security threat. Of those surveyed in the United States, 85 percent said this approach is needed, contrasting with the U.K. (43 percent) and Canada (45 percent), which were the least convinced this would be necessary
- Nearly 90 percent of respondents believe government should be involved in determining organizations’ cyber defense strategies, and 78 percent in the Unites States think the federal government plays a positive role in protecting organizations against both internal and external threats, which underscores the need for strong leadership and guidance from public sector organizations in helping secure the private sector
Unknown Threats Come From Every Perimeter, Both Inside and Outside of the Organization
The dramatic spike in social engineering, malicious and/or accidental internal attacks, as well as sophisticated, advanced persistent threats means the organization is vulnerable from all directions. All stakeholders must immediately take action to strengthen access to points inside and outside the perimeter, and help users prevent such attacks.
- 67 percent of survey respondents say they have increased funds spent on education and training of employees in the past 12 months; 50 percent believe security training for both new and current employees is a priority
- 54 percent have increased spending in monitoring services over the past year; this number rises to 72 percent in the United States
Among the IT decision-makers surveyed, BYOD, cloud and the Internet were the top areas of concern for security threats.
BYOD ─ A sizable number of respondents highlighted mobility as
the root cause of a breach, with increased mobility and user choice
flooding networks with access devices that provide many paths for
exposing data and applications to risk.
- 93 percent of organizations surveyed allow personal devices for work. 31 percent of end users access the network on personal devices (37 percent in the United States)
- 44 percent of respondents said instituting policies for BYOD security is of high importance in preventing security breaches
- 57 percent ranked increased use of mobile devices as a top security concern in the next five years (71 percent in the U.K.)
- 24 percent said misuse of mobile devices/operating system vulnerabilities is the root cause of security breaches
Cloud ─ Many organizations today use cloud computing,
potentially introducing unknown security threats that lead to targeted
attacks on organizational data and applications. Survey findings prove
these stealthy threats come with high risk.
- 73 percent of respondents report their organizations currently use cloud (90 percent in the United States)
- Nearly half (49 percent) ranked increased use of cloud as a top security concern in the next five years, suggesting unease for the future as only 22 percent said moving data to the cloud was a top security concern today
- In organizations where security is a top priority for next year, 86 percent are using cloud
- 21 percent said cloud apps or service usage are the root cause of their security breaches
Internet ─ The significance of the unknown threats that result
from heavy use of Internet communication and distributed networks is
evidenced by the 63 percent of respondents who ranked increased
reliance upon internet and browser-based applications as a top concern
in the next five years.
- More than one-fifth of respondents consider infection from untrusted remote access (public wifi) among the top three security concerns for their organization
- 47 percent identified malware, viruses and intrusions often available through web apps, OS patching issues, and other application-related vulnerabilities as the root causes of breaches
- 70 percent are currently using email security to prevent outsider attacks from accessing the network via their email channel
Combat Known and Unknown Threats
The survey revealed that 76 percent of IT leaders surveyed (93 percent in the United States) agree that to combat today’s threats, an organization must protect itself both inside and outside of its perimeters. This requires not only a comprehensive set of solutions that protects from the inside out and the outside in ─ from the endpoint, to the data center to the cloud ─ but one that also connects these capabilities to provide deeper insights and stronger predictive analytics so that strategic action can be taken quickly.
Stacy Duncan, vice president, IT, DavCo
“All threats expose an organization to significant risk, but unknown threats, particularly, are silent predators that can have profound and catastrophic implications on performance and continuity. At the same time, compliance demands are ever-growing in complexity. We took proactive steps to guard ourselves both from inside and outside of our perimeters. As a retailer, we take all possible measures to protect our customers, while ensuring PCI compliance for our stores. We have deeper insights and network visibility that all keep our data safe and help us stay compliant because Dell’s Connected Security portfolio weaves security tightly into all areas in and around our network.”
Will Markham, security practice lead, Colt Enterprise Services
“In today's increasingly complex threat landscape, one of the most common threats comes from employees who download and install unauthorized software, without understanding the potential risks associated with their actions. Unfortunately, organizations are not always able to identify new vulnerabilities quickly enough. This is compounded by the anytime, anyplace, anywhere nature of accessing business data ─ everywhere from inside the network to application layers and mobile devices. As an international IT services company, protecting our customers’ information is critical, and we are constantly working to ensure that all measures are in place to ensure their data is secure at all times.”
Mary Hobson, Director, eResearch South Australia
"Although cloud presents massive opportunities for corporate IT in terms of cost savings, security issues are rising to the forefront. Hosting software in the cloud presents security issues that have to be tackled in a thoughtful and connected way, versus in silos or traditional perimeter defenses. In protecting our cloud and making it the best possible platform for our researchers, our strategy includes a sharper focus on security threats that originate both from the application layer and from internal users who may threaten our network either intentionally or by accident. Our researchers are now able to access secure data 40 times faster because of our highly scalable, easily manageable cloud platform enabled by Dell.”
Ash Motiwala, chief technology officer, Identropy
“External hackers have been the focus of news reports recently, and the threats they pose get lots of attention. Just as lethal to a company’s data, however, are the unknown threats that can emerge from within the organization. At Identropy, we know that an identity and access management strategy that safeguards the network with strong tools for provisioning, privileged account management, and managing and governing access is the key to diminishing unknown internal threats, and our customers count on us to ensure their identity and access management initiatives are successful. As a visionary, Dell understands the security landscape, which is why Dell solutions can be counted on to protect the network from both outside and inside the perimeter.”
Matt Medeiros, vice president and general manager, Dell Security Products, Dell Software Group
“Traditional security solutions can defend against malware and known vulnerabilities, but are generally ineffective in this new era of stealthy, unknown threats from both outside and inside the organization. These threats evade detection, bypass security controls, and wreak havoc on an organization’s network, applications, and data, but despite these dangers, our study found, among those surveyed, organizations are just not prepared. There is still a disturbing lack of understanding and awareness of the type of impact and detriment caused by the unknown threats that can come from both sides of an organization’s data flow. As a result, we believe a new security approach is needed ─ one that’s embedded in the fabric of software, governing access to every application and protecting every device, both inside and outside a corporate network. Only then, with this Connected Security approach, will organizations have a chance at keeping one step ahead of these epidemic threats that can significantly damage their network.”
About the Survey
Dell Software commissioned Vanson Bourne to survey 1,440 IT decision makers in organizations with 500+ employees or end users. The survey took place from October-November 2013 across the U.S. (300), Canada (60), U.K. (200), France (200), Germany (200), Italy (60), Spain (60), India (200), Australia (60), and Beijing (100). Both the private and public sectors were interviewed with specific focuses on: retail, consumer products, manufacturing, higher education, education (excluding higher), government/public services, healthcare (private and public), financial services, and other commercial sectors.
1 2008 US Census Bureau reported 20,475 firms in US with equivalent demographics to the study (500+ employees). The study showed that 87% of surveyed US organizations have suffered a security breach in the last twelve months. Taking 87% of the US firms mentioned above (17813) and multiplying this figure by the average cost of security breaches reported by US respondents in the survey ($1.45M).
- Whitepaper: http://software.dell.com/dellglobalsecurity_whitepaper
- Infographic: http://software.dell.com/dellglobalsecurity_unknownthreats
- Twitter: http://www.twitter.com/dellsecurity
- Facebook: http://www.facebook.com/dellsecurity
- LinkedIn: http://www.linkedin.com/groups/Dell-Software-4793472
- Dell Software YouTube: www.youtube.com/user/DellSoftwareVideo
Delivering Complete and Connected Security
Dell Connected Security gives organizations the power to solve their biggest security and compliance challenges today, while helping them better prepare for tomorrow. From the device to the data center to the cloud, Dell helps mitigate risks to enable the business.
Dell Inc. listens to customers and delivers innovative technology and services that give them the power to do more. For more information, visit www.dell.com.
Dell is a trademark of Dell Inc. Dell disclaims any proprietary interest in the marks and names of others.
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex softw...
Mar. 30, 2017 02:15 AM EDT Reads: 4,085
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.
Mar. 30, 2017 01:30 AM EDT Reads: 2,611
What sort of WebRTC based applications can we expect to see over the next year and beyond? One way to predict development trends is to see what sorts of applications startups are building. In his session at @ThingsExpo, Arin Sime, founder of WebRTC.ventures, will discuss the current and likely future trends in WebRTC application development based on real requests for custom applications from real customers, as well as other public sources of information,
Mar. 30, 2017 01:15 AM EDT Reads: 1,203
DevOps tends to focus on the relationship between Dev and Ops, putting an emphasis on the ops and application infrastructure. But that’s changing with microservices architectures. In her session at DevOps Summit, Lori MacVittie, Evangelist for F5 Networks, will focus on how microservices are changing the underlying architectures needed to scale, secure and deliver applications based on highly distributed (micro) services and why that means an expansion into “the network” for DevOps.
Mar. 30, 2017 01:00 AM EDT Reads: 8,285
In his session at Cloud Expo, Alan Winters, an entertainment executive/TV producer turned serial entrepreneur, will present a success story of an entrepreneur who has both suffered through and benefited from offshore development across multiple businesses: The smart choice, or how to select the right offshore development partner Warning signs, or how to minimize chances of making the wrong choice Collaboration, or how to establish the most effective work processes Budget control, or how to max...
Mar. 30, 2017 12:45 AM EDT Reads: 651
Interoute has announced the integration of its Global Cloud Infrastructure platform with Rancher Labs’ container management platform, Rancher. This approach enables enterprises to accelerate their digital transformation and infrastructure investments. Matthew Finnie, Interoute CTO commented “Enterprises developing and building apps in the cloud and those on a path to Digital Transformation need Digital ICT Infrastructure that allows them to build, test and deploy faster than ever before. The int...
Mar. 30, 2017 12:30 AM EDT Reads: 1,520
China Unicom exhibit at the 19th International Cloud Expo, which took place at the Santa Clara Convention Center in Santa Clara, CA, in November 2016. China United Network Communications Group Co. Ltd ("China Unicom") was officially established in 2009 on the basis of the merger of former China Netcom and former China Unicom. China Unicom mainly operates a full range of telecommunications services including mobile broadband (GSM, WCDMA, LTE FDD, TD-LTE), fixed-line broadband, ICT, data communica...
Mar. 30, 2017 12:15 AM EDT Reads: 3,557
ChatOps is an emerging topic that has led to the wide availability of integrations between group chat and various other tools/platforms. Currently, HipChat is an extremely powerful collaboration platform due to the various ChatOps integrations that are available. However, DevOps automation can involve orchestration and complex workflows. In his session at @DevOpsSummit at 20th Cloud Expo, Himanshu Chhetri, CTO at Addteq, will cover practical examples and use cases such as self-provisioning infra...
Mar. 29, 2017 11:45 PM EDT Reads: 3,205
SYS-CON Events announced today that Ocean9will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Ocean9 provides cloud services for Backup, Disaster Recovery (DRaaS) and instant Innovation, and redefines enterprise infrastructure with its cloud native subscription offerings for mission critical SAP workloads.
Mar. 29, 2017 09:30 PM EDT Reads: 2,453
MongoDB Atlas leverages VPC peering for AWS, a service that allows multiple VPC networks to interact. This includes VPCs that belong to other AWS account holders. By performing cross account VPC peering, users ensure networks that host and communicate their data are secure. In his session at 20th Cloud Expo, Jay Gordon, a Developer Advocate at MongoDB, will explain how to properly architect your VPC using existing AWS tools and then peer with your MongoDB Atlas cluster. He'll discuss the secur...
Mar. 29, 2017 07:30 PM EDT Reads: 914
Things are changing so quickly in IoT that it would take a wizard to predict which ecosystem will gain the most traction. In order for IoT to reach its potential, smart devices must be able to work together. Today, there are a slew of interoperability standards being promoted by big names to make this happen: HomeKit, Brillo and Alljoyn. In his session at @ThingsExpo, Adam Justice, vice president and general manager of Grid Connect, will review what happens when smart devices don’t work togethe...
Mar. 29, 2017 06:30 PM EDT Reads: 2,758
Building a cross-cloud operational model can be a daunting task. Per-cloud silos are not the answer, but neither is a fully generic abstraction plane that strips out capabilities unique to a particular provider. In his session at 20th Cloud Expo, Chris Wolf, VP & Chief Technology Officer, Global Field & Industry at VMware, will discuss how successful organizations approach cloud operations and management, with insights into where operations should be centralized and when it’s best to decentraliz...
Mar. 29, 2017 05:15 PM EDT Reads: 3,829
SYS-CON Events announced today that Juniper Networks (NYSE: JNPR), an industry leader in automated, scalable and secure networks, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Juniper Networks challenges the status quo with products, solutions and services that transform the economics of networking. The company co-innovates with customers and partners to deliver automated, scalable and secure network...
Mar. 29, 2017 04:30 PM EDT Reads: 1,704
Deep learning has been very successful in social sciences and specially areas where there is a lot of data. Trading is another field that can be viewed as social science with a lot of data. With the advent of Deep Learning and Big Data technologies for efficient computation, we are finally able to use the same methods in investment management as we would in face recognition or in making chat-bots. In his session at 20th Cloud Expo, Gaurav Chakravorty, co-founder and Head of Strategy Development ...
Mar. 29, 2017 04:15 PM EDT Reads: 3,916
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm. In his Day 3 Keynote at 20th Cloud Expo, Chris Brown, a Solutions Marketing Manager at Nutanix, will explore t...
Mar. 29, 2017 04:00 PM EDT Reads: 3,245