Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
www.thales-esecurity.com
2018 THALES DATA THREAT REPORT
Trends in Encryptionand Data Security
U.S. HEALTHCARE EDITION
2018 THALES DATA THREAT REPORTNOW IN ITS SIXTH YEAR
1,200+ SENIOR IT SECURITY EXECUTIVES SURVEYED GLOBALLY | 500 U.S. TOTAL | 100 U.S. HEALTHCARE | 100 GLOBAL HEALTHCARE
Copyright 2018 Thales
U.S.U.K.
GERMANY
JAPAN
INDIA
SWEDEN
NETHERLANDS
KOREA
HEALTHCARE DATA SECURITY – CODE RED
77%More than 3 out of 4large U.S. healthcareorganizations have
now been breached.The highest of any
vertical we measured
BREACHED IN THE LAST YEAR
breached both in thelast year and previously
BREACHED EVER
BREACHED …. AGAIN!
Rates of breaches in the last year at federalagencies are up 2.5x from 2016 in this year’s results2.5
x
HEALTHCARE FEELING VULNERABLE TO DATA THREATS
“More than three-fourths (77%) of U.S. healthcare respondents reported at leastone breach at some time in the past - the highest among all U.S. verticals.”
Garrett Bekker – Principal Analyst for Information Security, 451 ResearchAuthor of the 2018 Thales Data Threat Report
HEALTHCARE ORGANIZATIONS ARE RESPONDING
INCREASING SPENDING – RATES OF MUCH HIGHER SPENDING
46%22%
14%
20182017
2016
IMPLEMENTING DATA SECURITY TOOLSImplementing now, or planning to implement these top tools for protecting sensitive data in 2018.
65%Data masking
60%Identity andaccessmanagement
59%Database andfile encryption
57%Encryption inthe cloud
Healthcare IT Security spending increases. Rates of “Much Higher” spending increases by year.
BUT HOW EFFECTIVE WILL THAT INCREASED SPENDING BE?
Rated Effective
Spending Increase
Highly effectivebut lowestspendingincrease
Least effectivebut highestspendingincrease
“U.S. HEALTHCARE PLANS TO SPEND THE MOST ON SECURITY FOR ENDPOINT ANDMOBILE DEVICES, DESPITE RANKING THESE AS LEAST EFFECTIVE.”Garrett Bekker – Principal Analyst for Information Security, 451 Research
DIGITAL HEALTHCARE INITIATIVES INCREASE RISK FOR DATA
MASSIVE ADOPTION COMPOUNDS THE PROBLEM
95% use digital transformation technologies with sensitive data(cloud, big data, IoT, containers, blockchain and mobile payments)
100%96%92%92%90%
Cloud
Big Data
IoT
Blockchain
Mobile Paymts
New environments require new approaches to protecting citizen data,government secrets and other sensitive information
DEPLOYING SENSITIVE DATA TO THE CLOUD
48%using 3 or more IaaSor PaaS providers
Multi-cloud usage compounds the problem
63% using 3 or morePaaS providers52% Using more than 50 SaaS applications,
where data is inherently harder to control
CONCERNS ARE HIGH(rates of very/extremely concerned) AND RATES OF ENCRYPTION
USAGE TODAY ARE LOW
using encryption inthe cloud today
Only 32%
78%
75%
75%74%
73%
Managing Encryption Keys acrossmultiple cloud environments
Increased vulnerabilities
Data may be at risk if their cloudvendor fails or is acquired
Meeting compliance requirements
Control over the location of data
CONTROLLING DATA IN THE CLOUD
Control of sensitivedata protected withencryption hinges oncontrol of theencryption keys
Local control ofencryption keys
HEALTHCARE GETS IT – CONTROL THE KEYS TO CONTROL THE DATA
48% Local control of cloudencryption keys29%
“The healthcare vertical has emerged as a prime target for hackers. While a stolencredit card has a time-limited value (the card number can be changed), PHI andelectronic medical records (EMR) are stuffed with immutable data that can and dofetch hundreds of dollars per stolen record on illegalonline markets.”
Garrett Bekker – Principal Analyst for Information Security, 451 ResearchAuthor of the 2018 Thales Data Threat Report
HEALTHCARE ADOPTION OF BIG DATA IS HIGHSENSITIVE DATA USE COMPOUNDS PROBLEMS
96%now use big data
38% are using sensitive datawithin big data environments today
Top concerns for sensitive data withinbig data environments
What’s needed to speedBig Data adoption?
29% 28% 28% 25%
Compliancecertificationsfor big data
35%Sensitive data may resideanywhere within the
environment35%
28%
27%
24%
26%
Lack of effectiveaccess controls
Lack of nativesecurity frameworks
Privileged users
Privacy violations
Sensitive datadiscovery andclassification
System levelencryption andaccess controls
Mask data byrole within
big data
Improvedmonitoring andreporting tools
IOT IN HEALTHCAREENCYRPTION REQUIRED
92% Using or planning touse IoT this year
31% are using sensitivedata with IoT applications
Encryption a key tool enablingsafe use of IoT
Encryption establishes secureidentity with digital birthcertificates for IoT devices
Encryption protectsdata-in-transit
Encryption protects dataon devices
Encryption and access controlshelp organizations meetcompliance requirements forback end data stores
Scienti fic andPersonal/Wearables
Medical Environmental
Top concerns with IoT25% 24% 23% 20% 20%
Protecting sensitivedata generated by IoT
Lack of personnelskilled in IoT Security
Loss or theft ofIoT devices
Attacks on IoTdevices
Lack of securityframeworks
25%45% 33%
Top IoT uses in healthcare
ENCRYPTION – A CRITICAL TOOLFOR PROTECTING SENSITIVE DATA
Good news –In spite of low funding, mostorganizations areimplementing or planning toimplement data security toolsthis year
Encryption tools areneeded to drivedigital healthcareinitiatives
48%35%
49%31%
Cloud: Encryption isthe top toolneeded formore cloud use
Big Data: System levelencryption and access
controls
IoT: Secure authentication(an encryption technology)a top tool need for more
IoT adoption
Containers: Availabilityof encryption toolswould increase adoption
www.thales-esecurity.com
2018 THALES DATA THREAT REPORT
Trends in Encryptionand Data Security
U.S. HEALTHCARE EDITION