Security and cyberthreats, across entire IT industry, are intensifying like never before. Cyber attacks have not only shot up in numbers, but have also become stealthy, sophisticated, and damaging. What else is bothering security professionals? What do they feel necessary to combat this mess? Perhaps, better monitoring requisites. A recent ESG Research survey revealed some interesting facts and figures, collected from around 315 security professionals working at enterprise organizations. Here it goes:
• 34% said they need tighter integration between security intelligence and IT operations tools, such as asset management, configuration management, network performance management, etc.
• 33% said they need better security analysis and forensics skills at their organization
• 29% said they need automated security analytics from their security intelligence tools
• 28% said they need better visibility into network traffic and behavior
• 28% said they need a better understanding of end-user behavior
• 27% said they need a better understanding of baseline behavior so they can better detect anomalies
So, the major concern here is the better monitoring techniques, and of course continuous. It is quite understandable as if people will be able to properly and consistently monitor they systems and machines, they will be able to figure out the treats quickly, and find solutions to tackle them.
In another survey called “Encryption in the Cloud” conducted by Ponemon Institute, when IT professionals were asked whether they use external cloud-based services for sensitive data, most of them gave a positive response. Interestingly, their approaches to encrypting data in the cloud vary widely. How? Well, here’s a quick look:
• 38% said their organizations rely on encryption of data as it’s transferred, typically over the Internet, to the cloud.
• 35% said their organizations encrypt data before it’s transmitted to the cloud provider so that it remains encrypted within the cloud.
• 27% said their organizations perform encryption within the cloud environment, with 16 percent of those selectively encrypting at the application layer, and 11 percent letting the cloud provider encrypt stored data as a service.
A striking thing revealed by the respondents was that even in cases where encryption is performed outside the cloud, more than half of respondents hand over the keys, which shows that the trend to transfer sensitive or confidential data to cloud environments is growing fast.
Talking about the Cloud, the recent iCloud Hack has also raised questions about Cloud security. Perhaps, the basic problem with the cloud is that you are essentially at the mercy of your cloud provider, and the lack of industry-wide standards for cloud security.
Besides, we have a lot of surveys confirming the increase of global cyber threats and security concerns. A few days back, we AlienVault released an infographic giving details of trends in malicious cyber activity, and reported China and U.S. as the Primary Sources of Malicious IPs and cyber attacks. Last but not the least, we all are afraid of Anonymous, the group famous for hackitivism or politically-motivated hacking or hacking-for-a-cause. A Bit9 report discussed the survey conducted among 2,000 IT security leaders which stated that companies with 500 or more employees and government security professionals are the ones concerned with cybercrime from Anonymous at 61%, other cybercriminals at 55%, and nation state sponsored attacks from China 28%, Russia 13%, and 4% from other countries. This shows that the Anonymous as the most feared threat among IT professionals. Sigh!