www.thales-esecurity.com
2017 THALES DATA THREAT REPORT
Trends in Encryption and Data Security
FINANCIAL SERVICES EDITION
2017 THALES DATA THREAT REPORTTRENDS IN ENCRYPTION AND DATA PROTECTION
U.S.
MEXICO
U.K.GERMANY
JAPAN
AUSTRALIABRAZIL
1,100+ SENIOR IT SECURITY EXECUTIVES SURVEYED GLOBALLY | 100 U.S. FINANCIAL SERVICES| 90 GLOBAL FINANCIAL SERVICES
Copyright 2017 Thales
RESPONDENTS ORGANIZATIONS (ALL)73% - $500M OR MORE48% - $1B OR MOREALL US - $250M+ALL GLOBAL - $150M+
U.S. FINANCIAL SERVICES – IT SECURITY SPEND INCREASES AND SO DO THE BREACHES
78% OF U.S. FINANCIAL SERVICES RESPONDENTS REPORTED THAT THEIR ORGANIZATIONS SPENDING ON IT SECURITY WILL BE INCREASED, BUT RATES
OF BREACHES IN THE LAST YEAR INCREASED FROM19% LAST YEAR TO 24% THIS YEAR
“CLEARLY, THERE’S STILL A BIG DISCONNECT BETWEEN WHAT WE ARE SPENDING THE MOST OF OUR SECURITY BUDGET ON AND WHAT’S NEEDED TO
ENSURE THAT OUR SENSITIVE DATA REMAINS SECURE.”GARRET BEKKER – SENIOR ANALYST, INFORMATION SECURITY
U.S. FINANCIAL SERVICESINCREASINGLY A TARGET FOR DATA BREACHES
U.S. FINANCIAL SERVICES DATA BREACHES
“24% of U.S. financial firms reported a breach last year, slightly lower than the overall global average of 26%, but higher than most other U.S. verticals and also up markedly from 19% the previous year … the implication is that U.S. financials are becoming more of a target.
Garrett BekkerPrincipal Analyst, Information Security, 451 Research
2017201768%
IN THE LAST YEAR2016 2016
24%19% 25% 42%
AT ANOTHER TIME IN THE PAST
2017 DATA BREACH RESULTS BY U.S. VERTICAL
HEALTHCARE FEDERAL GOVERNMENT
84%
FINANCIAL SERVICES
34%
65%
24%
42%
EVER
IN THE LAST YEAR
RETAIL
19%
52%47%
20%
42%H AVE
E X P E R I EN C E D A D AT A B R E AC H
• 24% IN THE LAST YEAR (UP FROM 19% PREVIOUSLY)
• 12% MORE THAN ONCE
U . S . F I NANCI AL S E R V I CE S
49%H AVE
E X P E R I EN C E D A D AT A B R E AC H
• 28% IN THE LAST YEAR• 21% MORE THAN ONCE
G L O B A L F I NA N CI A L S E R V I CE S
$€£
Garrett BekkerPrincipal Analyst Information Security, 451 Research
“.. external attackers frequently masquerade as insiders by using stolen or compromised credentials to access all types of valuable data, including PII, PHI, financial data and intellectual property”
33% U.S. FIN. SERV.
61% U.S. FINANCIAL SERVICES
40% U.S. FINANCIAL SERVICES
34% U.S. FINANCIAL SERVICES
ORDINARY EMPLOYEES
EXECUTIVEMANAGEMENT
THE MOST DANGEROUS INSIDERS
PRIVILEGED USERS
CONTRACTORS
60% GLOBAL FINANCIAL SERVICES
48% GLOBAL FINANCIAL SERVICES
35% GLOBAL FIN. SERV
38% GLOBAL FIN. SERV.
TOP EXTERNAL THREAT ACTOR SELECTIONS
“FINANCIAL FIRMS ARE A PRIME TARGET OF ATTACKERS, BECAUSE, IN THE INFAMOUS WORDS OF WILLIE SUTTON, ‘THAT’S WHERE THE MONEY IS’.”
14%CYBER CRIMINALS
HACKTIVISTSNATIONSTATES
CYBER-TERRORISTS
COMPETITORS
4%18%12%52%
U.S. FINANCIAL SERVICES
GLOBAL FINANCIAL SERVICES
18%CYBER CRIMINALS
HACKTIVISTSNATIONSTATES
CYBER-TERRORISTS
COMPETITORS13%12%16%40%
U.S. FINANCIAL SERVICES USING SENSITIVE DATAWITH ADVANCED TECHNOLOGIES WITHOUT DATA SECURITY
47%OF U.S. FINANCIAL SERVICES RESPONDENTS
SURVEYED ARE DEPLOYING NEW TECHNOLOGIES IN ADVANCE OF HAVING APPROPRIATE LEVELS
OF DATA SECURITY IN PLACE
96%WILL USE SENSITIVE DATA IN AT
LEAST ONE OF THESE ADVANCED TECHNOLOGY ENVIRONMENTS
58%
35%
39%
23%
40%
61%
45%
BLOCKCHAIN
CONTAINERS
BIG DATA
IOT
PAAS
MOBILE
IAAS
SAAS
* U.S. RESULTS
14%
WITH NATIONAL REGULATIONS LIKE GDPR COMING WORDWIDEDATA PRIVACY AND SOVEREIGNTY ARE MAKING WAVES EVERYWHERE
75% - U.S. 72% - GLOBAL
Impacted by Data Privacy and Data Sovereignty
ADDRESSING REQUIREMENTS BY: U.S. Fin Serv.
GLOBAL FINANCIAL SERVICES
TOKENIZING DATA
LOCAL HOSTING & CLOUD
49%70%
28%38%
ENCRYPTING DATA
MIGRATING DATA
TOKENIZING DATA
LOCAL HOSTING & CLOUD
54%66%
21%33%
ENCRYPTING DATA
MIGRATING DATA
JAPAN
EUROPE
100+ NATIONAL DATA PRIVACY/SOVEREIGNTY
REGULATIONS WORLDWIDE
AIPP DATA PROTECTION AND
PRIVACY RULES LIVE MAY 2017
GDPR GOESLIVE MAY 2018
MEXICO
LFPDPPP PRIVACY LAW WITH FINES UP
TO £ 1.5M
AUSTRALIA
NEW DATA BREACH DISCLOSURE
REQUIREMENT ENFORCEMENT
BEGINS FEBRUARY 2018
86%WERE VERY OR EXTREMELY VULNERABLE 27%
OF U.S. FINANCIAL SERVICES RESPONDENTS FELT THEIR ORGANIZATIONS WERE VULNERABLE TO DATA THREATS
“Today’s unbroken string of high profile data breaches serves as stark proof that data on any system can be attacked and compromised.”
Garrett Bekker, Principal AnalystInformation Security, 451 Research
FINANCIAL SERVICES ORGANIZATIONS FEELING VULNERABLE
“Just 27% of U.S. respondents said they feel ‘very’ or ‘extremely’ vulnerable to data threats, slightly below the global average of 30%. Global financial respondents, however, show a much greater degree of concern, with a full 43% indicating ‘very’ or ‘extremely’ vulnerable.”
Garrett BekkerPrincipal Analyst, Information
Security, 451 Research
VERY OR EXTREMELY
VULNERABLE
SOMEWHAT OR MORE
VULNERABLE
HEALTHCARE
U.S. Verticals
16%
84%
RETAIL
19% 47%27%FEDERALFINANCIAL
SERVICES
88%86%85%
48% 37%
88%
44%
90%
29%
90% 96%
31%
88%
Global Verticals
HEALTHCARE RETAIL FEDERALFINANCIAL SERVICES
E X P E C T T H E I R S P E N D I N G O N I T S E C U R I T Y T O
I N C R E AS E
• UP FROM 70% IN 2016• GLOBAL AVERAGE 73%
78%73%
2016
2017
58.5%
78%
70%
$ €£
COMPLIANCE THE TOP PRIORITY FORU.S. FINANCIAL SERVICES IT SECURITY SPENDING
IT SECURITY SPENDING PRIORITIES (RATES OF TOP 3 SELECTION)
“ONCE AGAIN OWING TO HEAVY REGULATIONS, COMPLIANCE REQUIREMENTS ARE THE TOP REASON FOR SECURITY SPENDING AT 49% FOR U.S. FINANCIAL RESPONDENTS, WITH REPUTATION AND BRAND SECOND AT 45%, FOLLOWED BY PENALTY AVOIDANCE – WHICH IS CLEARLY RELATED TO COMPLIANCE – AT 41%.
Garrett Bekker, Principal AnalystInformation Security, 451 Research
49% - 2017 COMPLIANCE REQUIREMENTS57% - 201645% - 2017 REPUTATION AND
BRAND PROTECTION62% - 201641% - 2017 DATA BREACH PENALTIES46% - 201633% - 2017 IT SECURITY BEST PRACTICES48% - 2017
26% - 2017EXECUTIVE DIRECTIVE24% - 2016
25% - 2017 PARTNER AND PROSPECT REQUIREMENTS28% - 2016
DATA BREACHES AT PARTNERS OR COMPETITORS16% - 201718% - 2017
PREVIOUS DATA BREACH17% - 201718% - 2016
COMPETITIVE/STRATEGIC CONCERNS20% - 201719% - 2016
31% - 2017 INCREASING CLOUD USAGENot measured
OLD HABITS DIE HARD – INVESTING HEAVILY IN NETWORK/END POINTSECURITY AS THEY BECOME LESS EFFECTIVE AND LESS RELEVANT
IT SECURITY DEFENSE SPENDING INCREASESNETWORK
ANALYSIS AND CORRELATIONDATA IN MOTION
END POINT AND MOBILE
73%
50%
59%
54%
52%DATA AT REST
NETWORK
ANALYSIS AND CORRELATIONDATA IN MOTION
END POINT AND MOBILE
89%
81%
81%
66%
79%DATA AT REST
BELIEVE NETWORK SECURITY VERY/ EXTREMELY EFFECTIVE AT PROTECTING DATA
89%+4% FROM 2016
“The sad truth is that as the data breaches continue to pile up, we continue to spend the bulk of our resources on the same old solutions, while approaches like data security that could arguably do a better job of protecting data, particularly among new technologies like cloud, Big Data and IoT, continue to lag. “
RATES OF EFFECTIVENESS FOR PROTECTING DATA
COMPLEXITY AND POTENTIAL PERFORMANCE IMPACTSTOP BARRIERS TO DATA SECURITY DEPLOYMENT – U.S. FINANCIAL SERVICES
LACK OF STAFF TO MANAGE24%
LACK OF ORGANIZATIONAL BUY IN15%
56% COMPLEXITY
40% POTENTIAL PERFORMANCE IMPACTS
24% LACK OF PERCEIVED NEED
PERCEIVED BARRIERS TO ADOPTING DATA SECURITY
“…The lack of skilled security staff has been a consistent theme in 451’s research efforts the past few years, and in conjunction with complexity, makes a strong case for data security functionality delivered as a service”
Garrett Bekker451 Research
PERCEPTION OF COMPLEXITY
UNIVERSALLY THE TOP BARRIER
PERCEIVE COMPLEXITY AS THE TOP BARRIER TO ADOPTION DATA SECURITY SOLUTIONS
56%GLOBAL – 50%
24% LACK OF BUDGET
TOP CONCERNS WITH CLOUD/SAAS ENVIRONMENTSRATES OF VERY OR EXTREMELY CONCERNED – FINANCIAL SERVICES
52% – U.S. SECURITY BREACHES / ATTACKS AT CSP55% – GLOBAL
53% – U.S. 57% – GLOBAL
SHARED INFRASTRUCTURE VULNERABILITIES
53% – U.S. LACK OF DATA LOCATION CONTROL50% – GLOBAL
47% – U.S. LACK OF DATA PRIVACY POLICY / SLA52% – GLOBAL
49% – U.S. CLOUD PRIVILEGED USER ABUSE/THREATS58% – GLOBAL
43% – U.S. MEETING COMPLIANCE REQUIREMENTS50% – GLOBAL
35% – U.S. CUSTODIANSHIP OF ENCRYPTION KEYS52% – GLOBAL
42% – U.S. LACK OF VISIBILITY INTO SECURITY PRACTICES55% – GLOBAL
“With tidal volumes of data and applications moving to the cloud, global respondents are most concerned about attacks on the cloud service provider (59%). However, for U.S. financial respondents, 53% are most concerned with security vulnerabilities from shared infrastructure, while slightly less (52%) are concerned with security breaches and attacks at the cloud service provider level.
Garrett BekkerPrincipal Analyst, Information Security, 451 Research
WHAT CAN CSPS AND SAAS PROVIDERS DOTO INCREASE FINANCIAL SERVICES CLOUD ADOPTION?
DETAILED PHYSICAL AND IT SECURITY IMPLEMENTATION
INFORMATION
DATA ENCRYPTION IN THE CLOUD WITH ENTERPRISEPREMISES KEY CONTROL
“U.S. financial services organizations that would choose encryption of their data in public cloud services also have a preference towards the storage of encryption keys locally.”
Garrett BekkerPrincipal Analyst, Information Security, 451 Research
60%U.S.
49%GLOBAL
DATA ENCRYPTION IN THE CLOUD WITH CSP KEY
CONTROL
51%U.S.
54%GLOBAL
SLA AGREEMENTS AND LIABILITY TERMS FOR
DATA BREACHES
50%U.S.
40%GLOBAL
52%U.S.
42%GLOBAL
BIG DATA – TOP FINANCIAL SERVICES DATA SECURITY STATS
TOP 5 CONCERNS
39% U.S.
43% GLOBALSECURITY OF REPORTS THAT MAY INCLUDE
SENSITIVE DATA
41% U.S.
46% GLOBALSENSITIVE DATA MAY RESIDE ANYWHERE
37% U.S.
39% GLOBAL
PRIVACY VIOLATIONS - DATA ORIGINATES IN MANY
COUNTRIES
29% U.S.
38% GLOBALPRIVILEGED USER
ACCESS TO PROTECTED DATA
36% U.S.
30% GLOBALLACK OF EFFECTIVE ACCESS
CONTROLS
USING ENCRYPTION TO PROTECT DATA
IN BIG DATA ENVIRONMENTS TODAY
42%
VERY CONCERNED THAT THEY ARE USING SENSITIVE
INFORMATION IN BIG DATA WITHOUT DATA SECURITY CONTROLS
USING SENSITIVE INFORMATION IN BIG
DATA ENVIRONMENTS
U.S.
35% GLOBAL
58% U.S.
39% GLOBAL
53% U.S.
39% GLOBAL
IOT ADOPTION IS HIGH FOR U.S. FINANCIAL SERVICESUSE OF SENSITIVE DATA A CONCERN
TOP 5 DATA SECURITY CONCERNS FOR IOT
25% - PRIVACY VIOLATIONS GENERATED BY IOT
37% - IDENTIFYING WHICH DATA IS SENSITIVE
35% - PROTECTING SENSITIVE DATA GENERATED BY IOT
25% - LOSS OR THEFT OF IOT DEVICES
24% - PRIVILEGED USER ACCESSTO DATA AND DEVICES
84%ADOPTING IOT
35%ALREADY USING
SENSITIVE DATA IN IOT
32%VERY CONCERNED ABOUT
SENSITIVE DATA IN IOT
TOP 5 CONTROLS NEEDED TO INCREASE IOT ADOPTION
33% - ANOMALY DETECT/BEHAV ANALYSIS
49% ENCYPTION OF DATA
54% - ANTI-MALWARE FOR DEVICES
33% - IOT NETWORK ISOLATION
49% SECURE ID & AUTH
CONTAINERS: TOP SECURITY CONTROLS TO INCREASEFINANCIAL SERVICES CONTAINER ADOPTION AND USE
ENCRYPTION54%
44% ANTI-MALWARE
38% VULNERABILITY SCANNING
43% MONITORING TOOLS FOR CONTAINERS
26% DIGITAL SIGNATURE IMAGE VALIDATION
53%
ENCRYPTION
38%
42%
ANTI-MALWARE
VULNERABILITY SCANNING
36% MONITORING TOOLS FOR CONTAINERS
29% DIGITAL SIGNATURE IMAGE VALIDATION
45%SECURITY THE TOP BARRIER
TO DEPLOYMENT
48%
U.S.
GLOBAL
U.S.
GLOBAL
84%DEPLOYING
CONTAINERS THIS YEAR.
ENCRYPTION ENABLES DIGITAL TRANSFORMATION IN FINANCIAL SERV.A KEY TOOL REQUIRED FOR ADVANCED TECHNOLOGY ADOPTION
ENCRYPTION ENABLING FURTHER ADOPTION OF CLOUD
CLOUD DATA ENCRYPTION IN THE CLOUD WITH ENTERPRISEPREMISE KEY CONTROL
60% 49%
ENCRYPTION OFFSETS TOP SECURITY CONCERNS
BIG DATASENSITIVE DATA EVERYWHERE
SECURITY OF REPORTSPRIVACY VIOLATIONS
41%39%37%
IOT DATA ENCRYPTION49%SECURE DIGITAL IDENTITY
(AN ENCRYPTION TECHNOLOGY)49%
CONTAINERS
U.S. GLOBAL
ENCRYPTION A TOP CONTROL NEEDED TO ENABLE GREATER ADOPTION
U.S. GLOBAL46%43%39%
THE TOP TECHNOLOGIES NEEDED TO EXPAND USAGE58%55%
U.S. GLOBAL
U.S. 54%GLOBAL42%
BEST PRACTICE RECOMMENDATIONSGARRETT BEKKER, 451 RESEARCH
Cloud and SaaS break legacy IT Security models – Data security with encryption and access controls across environments is required.Service-based solutions and platforms that include automation are preferred for reduced costs and simplicity.
Get a better handle on the location of sensitive data, particularly for Cloud, Big Data, Containers and IoT
Global and industry regulations can be demanding, but agencies should consider moving beyond compliance to greater use of encryption and BYOK, especially for cloud and other advanced technology environments.
Encryption and access control
Don’t just check off the compliance box
Discover and classify
Re-prioritize your IT security tool set
Encryption needs to move beyond laptops and desktops.Data center: File and application level encryption and access controlsCloud: Encrypt and manage keys locally, BYOK enables safe SaaS, PaaS and IaaSBig Data: Encryption and access control within the environmentContainers: Encrypt and control access to data both within containers and underlying data storage locationsIoT: Use secure device ID and authentication, as well as encryption of data at rest on devices, back end systems and in transit to limit data threats
ABOUT THALES E-SECURITY
Instilling trust across the data landscapeOur powerful technology platform provides advanced data security for more servers, applications, and environments than any other security alternative
What we doThales e-Security provides companies everything they need to protect and manage their data and scale easily to new environments and requirements—encryption, advanced key management, tokenization, authorization, privileged user control, and HSMs.
Our customersOur customers include 19 of the world’s 20 largest banks, four of the world’s five largest oil companies, 27 NATO country members and 15 of the Fortune 25.
Data Protection Platform
Key Management Encryption
Our solutions protect data while eliminating complexity, inefficiency and cost
DATA PROTECTIONHARDWARE
DATA PROTECTIONSOFTWARE
CustomerRecords
DB/ File Encryption
Secure Analytics
Big Data
PII
ApplicationEncryption
PCI,PHI
TokenizationData Masking
Internet of
Things
Public KeyInfra (PKI)
Use Cases
CloudMigration
Cloud Security
Payment related apps
TransactionSecurity
ScriptDevelopmen
t
Code Signing