© 2017 forrester. reproduction prohibited. · 2020-02-22 · security strategies and make informed...
TRANSCRIPT
© 2017 FORRESTER. REPRODUCTION PROHIBITED.
© 2017 FORRESTER. REPRODUCTION PROHIBITED.
Analyst Insights - Forrester Research On Top Trends And Threats for 2018What Cybersecurity Leaders Need to Know for 2018
Joseph Blankenship, Senior Analyst
December 20, 2017
3© 2017 FORRESTER. REPRODUCTION PROHIBITED.
Analyst Bio
Joseph (aka JB) supports Security & Risk
professionals, helping clients develop
security strategies and make informed
decisions to protect against risk. He covers
security infrastructure and operations,
including security information management
(SIM), security analytics, security automation
and orchestration (SAO), distributed denial of
service (DDoS), and network security. His
research focuses on security monitoring,
threat detection, insider threat, operations,
and management.Joseph Blankenship, Senior Analyst
Forrester
About Bill Bradley
Leads Product Marketing for DLP
20 Years of Marketing & Sales Experience• Field Sales, Competitive Analysis,
Product Marketing & Management
Previously at Rapid7 and General Electric
4
Bill BradleyDirector, Product Marketing
We work with business and
technology leaders to develop
customer-obsessed strategies
that drive growth.
5© 2017 FORRESTER. REPRODUCTION PROHIBITED.
6© 2017 FORRESTER. REPRODUCTION PROHIBITED.
‘Tis The Season
7© 2017 FORRESTER. REPRODUCTION PROHIBITED.
For Cyber Security Predictions
2018
8© 2017 FORRESTER. REPRODUCTION PROHIBITED.
But First, A Look Back At 2017
See Forrester’s 2017 prediction results blog:“2017 Saw Record-Breaking Breaches — And There’s More Where That Came From In 2018”
go.forrester.com/blogs/2017-saw-record-breaking-breaches-and-theres-more-where-that-came-from-in-2018/
9© 2017 FORRESTER. REPRODUCTION PROHIBITED.
2017: A Year To Remember (or not)
› Software vulnerabilities continue to plague us
› Ransomware impacted businesses globally
› US government hacking tools leaked
› Insiders remain a threat
› Phishing and business email compromise are still
difficult to recognize and stop
› PII breached on a record scale
Source: Forrester’s Top Cybersecurity Threats In 2018 report
10© 2017 FORRESTER. REPRODUCTION PROHIBITED.
6 Cyber Security Predictions For 2018
1. Governments will lose their perch as the sole
providers of reliable, verified identities
2. More IoT attacks will be motivated by financial
gain than chaos
3. Cybercriminals will use ransomware to shut
down point of sale (POS) systems
4. Cybercriminals will attempt to undermine the
integrity of US 2018 midterm elections
5. Blockchain will overtake AI in venture capital
(VC) funding, and vendor road maps
6. Firms too aggressively hunting insider threats
will face lawsuits, GDPR fines
Source: Forrester’s Predictions 2018: Cybersecurity report
11© 2017 FORRESTER. REPRODUCTION PROHIBITED.
Governments No Longer The Sole Source Of Identity
Source: Forrester’s Predictions 2018: Cybersecurity report
› Numerous breaches of PII mean
that there is no single entity that
can safeguard identity data and
provide reliable identity
verification (IDV)
› Action:
• Evaluate IDV service partners to
deliver IDV
12© 2017 FORRESTER. REPRODUCTION PROHIBITED.
IoT Attacks Motivated By Financial Gain
› IoT attacks have largely focused
on chaos and disruption
› Future attacks will be driven by
digital extortion schemes and
the monetization of sensitive
data
› Action:
• Assess IoT attack vectors,
compliance risk, and
organizational readiness
Source: Forrester’s Predictions 2018: Cybersecurity report
13© 2017 FORRESTER. REPRODUCTION PROHIBITED.
Ransomware Will Shut Down PoS Devices
› With payment system
encryption largely in place,
cybercriminals will resort to
digital extortion via ransomware
to monetize attacks
› Action:
• Don’t pay the ransom; create
robust plans for system and data
recovery now
Image source: www.bellaellaboutique.com
14© 2017 FORRESTER. REPRODUCTION PROHIBITED.
Elections Under Attack (Again)
› The U.S. mid-term elections in
2018 will be the target of
attackers wishing to undermine
the integrity of the election
› Action:
• Donate your expertise while
zealously protecting your
customer data
Source: Forrester’s Predictions 2018: Cybersecurity report
Image: www.flickr.com/photos/shuttercat7/323474324
15© 2017 FORRESTER. REPRODUCTION PROHIBITED.
Blockchain Funding Will Overtake AI Funding
› Blockchain will become a
foundational technology for
functions like certificate
issuance, IDV, reputation
checks, and document
authenticity and verification
› Action:
• Interrogate your vendors
regarding their blockchain road
maps
Source: Forrester’s Predictions 2018: Cybersecurity report
Image: By Davidstankiewicz (Own work) [CC BY-SA 4.0 (https://creativecommons.org/licenses/by-sa/4.0)], via Wikimedia Commons
16© 2017 FORRESTER. REPRODUCTION PROHIBITED.
Employee Monitoring Will Lead To Legal Trouble
Source: Forrester’s Predictions 2018: Cybersecurity report
› Insider threats are a real risk to
your business, but
overaggressive monitoring will
lead to lawsuits and GDPR fines
› Action:
• Create privacy rules of
engagement for employee
monitoring
Read: Harvard Business Review, “The Risks of Monitoring Employees Online”
hbr.org/2017/12/the-legal-risks-of-monitoring-employees-online
17© 2017 FORRESTER. REPRODUCTION PROHIBITED.
JB’s “Bonus” Predictions For 2018
18© 2017 FORRESTER. REPRODUCTION PROHIBITED.
Bonus Prediction 1
Breaches Will Still Happen In 2018(and security presentations will still have guys in hoodies and 1s and zeros)
19© 2017 FORRESTER. REPRODUCTION PROHIBITED.
51% of firms were breached in the past 12 months.
48% of Enterprise Firms Suffered 2+ Breaches in 2017
20© 2017 FORRESTER. REPRODUCTION PROHIBITED.
Bonus Prediction 2
There Still Won’t Be Enough Security Pros In 2018
21© 2017 FORRESTER. REPRODUCTION PROHIBITED.
Source: U.S. Bureau of Labor Statistics, Employment Projections program
The cybersecurity talent
shortage is estimated to be
as high as 1.5 to 2 million
unfilled jobs by 2022.
22© 2017 FORRESTER. REPRODUCTION PROHIBITED.
Base: 1,700 Security technology decision-makers (1,000+ employees)
Source: Forrester Data Global Business Technographics Security Survey, 2017
0% 5% 10% 15% 20% 25% 30% 35% 40% 45%
Complexity of our IT environment
Changing/evolving nature of IT threats (internal and…
Compliance with new privacy laws
Day-to-day tactical activities taking up too much time
Building a culture of data stewardship
Lack of budget
Lack of staff (the security team is understaffed)
Unavailability of security employees with the right skills
Inability to measure the effectiveness of our security…
Other priorities in the organization taking precedence…
Top 10 Enterprise Security Challenges
23© 2017 FORRESTER. REPRODUCTION PROHIBITED.
Bonus Prediction 3
Security Automation & Orchestration (SAO) Will Become Mainstream
24© 2017 FORRESTER. REPRODUCTION PROHIBITED.
Base: 1,169 Security technology decision-makers (1,000+ employees)
Source: Forrester Data Global Business Technographics Security Survey, 2017
› State that using automation and
orchestration tools to improve security
operations is a high or critical priority.68%
› Plan to increase spending on SAO
technologies from 2017 – 2018.47%
25© 2017 FORRESTER. REPRODUCTION PROHIBITED.
Bonus Prediction 4
Image: @malwareunicorn
More Emphasis Will Be Placed On Insider Threats
26© 2017 FORRESTER. REPRODUCTION PROHIBITED.
Source: Forrester Data Global Business Technographics Security Survey, 2017; Forrester’s Best Practices: Mitigating Insider Threats report
27© 2017 FORRESTER. REPRODUCTION PROHIBITED.
Bonus Prediction 5
Source: Develop Your Zero Trust Workforce Security Strategy
More Enterprises Adopt Zero Trust For Data Protection
28© 2017 FORRESTER. REPRODUCTION PROHIBITED.
Protect Your “Toxic” Data
Source: Forrester’s Rethinking Data Loss Prevention With Forrester's DLP Maturity Grid report
29© 2017 FORRESTER. REPRODUCTION PROHIBITED.
Base: Global client security decision-makers (20+ employees)
Note: Only showing top 10 by enterprise (1,000+ employees)
Source: Forrester Data Global Business Technographics Security Survey, 2017
66%
66%
65%
64%
63%
63%
63%
62%
61%
61%
58%
59%
58%
57%
56%
56%
57%
55%
54%
55%
Data loss prevention
Email encryption
Full disk encryption
Database encryption & data obscurity
Secure file sharing and collaboration
Media encryption
Security communications/encrypted communication
Enterprise key management
Cloud encryption
File-level encryption
“What are your firm’s plans to adopt the following data security and information risk management technologies?”
Implementing/Expanding Implementation (4,5)
Enterprise (N = 1,044) All respondents (N = 565)
30© 2017 FORRESTER. REPRODUCTION PROHIBITED.
Wrap-Up And Next Steps
› Prepare ahead of time for 2018
• Evaluate your security policies and technologies
› Prioritize SAO as part of your security roadmap
• SAO has the potential to significantly impact operations
› Review your insider threat strategy
• Insider threat monitoring requires dedicated focus and policy
› Apply Zero Trust to protect sensitive data
• Know your sensitive data
• Encrypt “toxic” data
• Limit and monitor access
FORRESTER.COM
Thank you© 2017 FORRESTER. REPRODUCTION PROHIBITED.
Joseph Blankenship
www.forrester.com/Joseph-Blankenship
@infosec_jb
About Digital Guardian
32
Data Security Strategy
About Digital Guardian
33
Data Security Strategy
Visibility
About Digital Guardian
34
Data Security Strategy
Visibility
Analytics
About Digital Guardian
35
Data Security Strategy
Visibility
ControlsAnalytics
About Digital Guardian
System Events
User Events
Data Events
What
About Digital Guardian
System Events
User Events
Data Events
Endpoint
Data Storage
Cloud
Network
What Where
About Digital Guardian
System Events
User Events
Data Events
Endpoint
Data Storage
Cloud
Network
Data Loss Prevention
&
Endpoint Detection & Response
First and Only Solution to Unify:
&
What Where Why
About Digital Guardian
Leader: The Forrester Wave: Data Loss Prevention Suites
39
The Digital Guardian Platform
About Digital Guardian
Leader: The Forrester Wave: Data Loss Prevention Suites
SaaS or Fully Managed Security Programs
40
The Digital Guardian Platform
About Digital Guardian
Leader: The Forrester Wave: Data Loss Prevention Suites
SaaS or Fully Managed Security Programs
Data centric solution for both intellectual property (IP) protection andregulatory compliance
41
The Digital Guardian Platform
42
Register today for our upcoming webinar:
Analyst Insights: Maximizing the Value of DLP
Securosis on Selecting and Optimizing your DLP Program
Thursday January 25th 2PM ET