2018 thales data threat report - go. · pdf filedata-in-motion defenses network defenses...

Click here to load reader

Post on 18-Oct-2019

5 views

Category:

Documents

0 download

Embed Size (px)

TRANSCRIPT

  • #2018DataThreat

    2018 THALES DATA THREAT REPORT

    Trends in Encryption and Data Security

    INDIA EDITION

  • 2 2018 THALES DATA THREAT REPORT • INDIA EDITION

    TABLE OF CONTENTS

    INTRODUCTION 3

    KEY FINDINGS 4

    SPENDING UP (A LOT); BUT SO ARE THE BREACHES 5

    Spending in all the wrong places 7

    Spending drivers 8

    DATA SOVEREIGNTY 9

    SECURING SaaS, BIG DATA AND IoT 10

    SENSITIVE DATA STORAGE 10

    CLOUD 12

    BIG DATA 13

    IoT 13

    DOCKER/CONTAINERS 14

    AI/MACHINE LEARNING 16

    MOBILE PAYMENTS 16

    BLOCKCHAIN – TONS OF HYPE, BUT STILL EARLY 17

    RECOMMENDATIONS 18

    OUR SPONSORS GEOBRIDGE

  • 3 2018 THALES DATA THREAT REPORT • INDIA EDITION

    INTRODUCTION

    Reports of major data breaches globally continue unabated, underscoring the harsh realities of the state of cyber security today. Year-to-year increases in IT security spending across a broad swath of vertical markets and geographies have done little to stem the tide of breaches. This ongoing game of cat-and-mouse suggests that their tactics, sophistication and motivation are helping global attackers stay at least one step ahead of their often overwhelmed and beleaguered defenders. The obvious – or what should be obvious – question is whether the cyber defenses that are being deployed today need to be re-examined for overall effectiveness and recalibrated.

    This is particularly true with respect to emerging privacy mandates around the globe, such as GDPR in the European Union. For India specifically, The Constitution of India does not expressly grant the fundamental right to privacy, including data privacy, and India currently has no express legislation regarding data protection and privacy. However, the Indian Information Technology Act, 2000 does provide for both civil and criminal penalties for misuse or wrongful disclosure of personal data.

    However, India has adopted strict privacy guidelines concerning Aadhaar, a 12-digit unique number that all residents of India are encouraged to obtain and which is overseen by the Unique Identification Authority of India (UIDAI). Aadhaar is based on unique biometric and demographic data and is designed to reduce fraud when awarding various benefits, among other things. Courts in India are still wrestling with efforts by some to restrict access to benefits to those residents declining to obtain Aadhaar numbers. Meanwhile, the Indian government is encouraging citizens to link Aadhaar numbers to bank accounts, mobile SIM cards and other services.

    Perhaps as a result of such initiatives, far more Indian organizations are planning IT security spending increases than any other geographic or vertical market sector. At the same time, reports of successful data breaches in India are second only to Sweden among all geographical and vertical markets.

    The data in this report is based on detailed input from over 100 senior IT security managers in India– all part of the Global Thales 2018 Global Data Threat Report, which polled 1,200 IT security managers in eight countries and across four major vertical markets. This report is the first to focus specifically on the Indian marketplace.

    “Far more Indian organizations are planning IT security spending increases than any other geographic or vertical market sector. At the same time, reports of successful data breaches in India are second only to Sweden among all geographical and vertical markets.”

    3

    http://www.mondaq.com/india/x/655034/data+protection/Data+Protection+Laws+in+India https://dtr.thalesesecurity.com

  • 4 2018 THALES DATA THREAT REPORT • INDIA EDITION

    KEY FINDINGS

    For India, the report findings display a mix of good and bad news, arguably weighted toward good news relative to findings in other geographic sectors.

    • A striking 93% of Indian respondents’ plan on increasing IT security spending this year, the highest among all countries surveyed and well above the global average (78%).

    • The bad news is that 52% of Indian respondents reported a successful breach last year, also way above the global average (36%). Further, a full three quarters (75%) in India reported being breached at some time in the past, compared with just 67% globally.

    • Thus, it is not surprising that 62% of Indian respondents’ report feeling ‘very’ or ‘extremely’ vulnerable to attacks on sensitive data (37% ‘extremely’ vulnerable), also well ahead of the global average (44%). By way of contrast, in Japan, which enforces strict data privacy laws, just 17% report feeling ‘extremely’ vulnerable.

    • Another somewhat shocking result is that 85% of Indian respondents say compliance is either ‘very’ or ‘extremely’ effective at stopping breaches, again way ahead of the global average (64%).

    “A striking 93% of Indian respondents’ plan on increasing IT security spending this year, the highest among all countries surveyed and well above the global average (78%).”

    “The bad news is that 52% of Indian respondents reported a successful breach last year, also way above the global average (36%). Further, a full three quarters (75%) in India reported being breached at some time in the past, compared with just 67% globally.”

    “It is not surprising that 62% of Indian respondents’ report feeling ‘very’ or ‘extremely’ vulnerable to attacks on sensitive data (37%

    ‘extremely’ vulnerable).”

    How spending in 12 months will compare to its current level Total higher

    93% India Global

    78%

    Breached at some point in the past

    India

    Global

    US

    Japan

    Korea

    Germany

    Netherlands

    Sweden

    UK

    0% 10% 20% 30% 40% 50% 60% 70% 80%

  • 52018 THALES DATA THREAT REPORT • INDIA EDITION

    • And perhaps most revealing, Indian organizations are apparently spending their valuable IT security funds in the wrong places.

    o 91% list analysis and correlation as the most effective weapons to stop data breaches followed closely by data-in-motion/data-at-rest defenses at 90% each.

    o Endpoint/mobile defenses are ranked least effective (81%).

    o Yet endpoint/mobile defenses are ranked at the top in terms of spending plans (81%), with data-at-rest at the bottom (54%).

    • Concerns about performance impacts and business processes are the top barrier cited in India to IT security, followed by perceptions of complexity (48%) and perceived need (37%).

    • Indian respondents are relatively unconcerned about storing sensitive data in cloud environments, with 92% of Indian respondents reporting that their organizations store sensitive data in some form of public cloud (either IaaS, PaaS or SaaS), well ahead of the global average of 74%.

    SPENDING UP (A LOT); BUT SO ARE THE BREACHES

    India this year is going all-in with IT security spending, with 93% of respondents planning IT security-spending increases. As noted earlier, this is well ahead of the global average (78%) and the highest among all countries surveyed. And with good reason: while breach reports are up globally, they are up sharply in India. More than half – 52% – of Indian respondents reported a successful breach in the last year alone, well ahead of the global average (36%). By way of contrast, in Japan just 9% of respondents admit to being breached in the past year. Further, three quarters of Indian respondents (75%) have been breached at some time in the past, compared to 67% globally. Possible explanations include a booming IT economy that makes India a high-profile attack target and relatively less mature corporate IT security programs.

    “Indian organizations are apparently spending their valuable IT security funds in the wrong places.”

    “Indian respondents are relatively unconcerned about storing sensitive data in cloud environments, with 92% of Indian respondents reporting that their organizations store sensitive data in some form of public cloud (either IaaS, PaaS or SaaS), well ahead of the global average of 74%.”

    Breached in the last year

    India

    Global

    US

    Japan

    Korea

    Germany

    Netherlands

    Sweden

    UK

    0% 10% 20% 30% 40% 50% 60%

  • 6 2018 THALES DATA THREAT REPORT • INDIA EDITION6

    52% “More than half – 52% – of Indian respondents reported a successful breach in the last year alone, well ahead of the global average (36%).

  • 72018 THALES DATA THREAT REPORT • INDIA EDITION

    With such shockingly high breach levels, it is not surprising that IT security professionals in India feel far more vulnerable to security attacks, with 62% saying they feel either ‘very’ or ‘extremely’ vulnerable to attacks on sensitive data, compared with just 44% globally and 53% in the U.S. What’s more, 37% in India feel ‘extremely’ vulnerable, way above the global average of 21%. Only the U.S. is close at 30%.

    Spending in all the wrong places Virtually all vertical sectors and geographic regions reported a glaring disconnect between what are perceived as the most effective IT security solutions and what respondents are most likely to spend their budgets on. In India, this problem is magnified. Indian respondents rank analysis and correlation tools (like SIEM devices, etc.) as the most effective at stopping data breaches (91%), with data-in-motion and data-at-rest a very close second (90%), whil

View more