首页 > 资料专栏 > IT > IT技术 > 信息技术 > Computing_2017企业安全评估(网络安全)(英文版)2017.11_28页

Computing_2017企业安全评估(网络安全)(英文版)2017.11_28页

PAPERCOM
V 实名认证
内容提供者
热门搜索
资料大小:2885KB(压缩后)
文档格式:WinRAR
资料语言:中文版/英文版/日文版
解压密码:m448
更新时间:2019/8/29(发布于广东)

类型:积分资料
积分:10分 (VIP无积分限制)
推荐:升级会员

   点此下载 ==>> 点击下载文档


文本描述
Contents
Executive summaryp 3
Research overviewp 5
Headline newsp 6
Ransomware comes of agep 8
Real-world security strategyp 10
New threats, new solutionsp 14
Layered security p 17
Blockchain p 19
GDPR p 22
Conclusions p 24
About
Computing
p 28
Tis document is property of Incisive Business Media Ltd. Reproduction and distribution of this
publication in any form without prior written permission is forbidden.
2Enterprise Security Review 2017
3Enterprise Security Review 2017
1 Executive summary
If 2016 was the year that turned many aspects of conventional wisdom
into history, 2017 has been the year in which the drawbacks of the digital
revolution have become abundantly and brutally clear. Tis revolution has
changed the nature of everything – including warfare and crime. In a world
with no borders, where none of the old rules apply, we fnd that traditional
approaches to data security are no longer proving efective. As 2017 draws to
a close, we appear to be losing one battle after another.
Te
Computing Enterprise Security Review 2017
summarises the results of a
comprehensive research program undertaken by
Computing
during the third
quarter of 2017. Te review discusses the impact of mainstream media news
about cyber-attacks on attitudes to data security and the role of ransomware
in particular in shaping attitudes.
We discuss whether increasing levels of concern, indeed alarm, are
translating into action on cyber security strategies and solutions. Te
review also covers the level of understanding of newer types of malware and
whether this phase of evolution in malware is contributing to the shifting of
the security mindset to one of detection rather than prevention. Te growth
in cyber-insurance takeup is discussed, as is the prevailing layered security
architecture and some of the challenges inherent in optimising it.
Te fnal section of the review discusses present levels of awareness and
readiness to employ blockchain-based technologies and whether these are
really a promising security solution, and also where organisations are in
terms of their GDPR preparations. Te review concludes with a discussion of
whether a complete change of approach is required to head of a bleak future
as our attack surface area continues to grow.
Key highlights from the research include:
Mainstream new media reporting numerous cyber security attack
stories has had a profound impact on how well individuals from outside
the technology sector – as well as inside – understand the issues.
Ransomware in particular is now far more widely understood, despite
it only being the fourth most frequently experienced attack. Seventy-
seven per cent of our respondents agreed with the statement, “More than
anything else, ransomware has made the board sit up and listen to IT
security professionals”.
Te combination of ransomware-as-a-service (RaaS) and the minimal
knowledge required to mount a campaign, the highlighting by the media
of the window of exposure between vulnerability identifcation and
patch application, the increasing willingness to pay fnes, and the GDPR
raising the stakes for everyone means that the volume of ransomware is
likely to increase.
“In a world with
no borders,
where none of
the old rules
apply, we fnd
that traditional
approaches to
data security
are no longer
proving
efective”
4Enterprise Security Review 2017
Increased awareness of data security has not yet translated into
universal action when it comes to strategy. Employee awareness has
increased but only half of our respondents reported that their board and/
or senior business management had become more involved in security
strategy in the last 12 months.
Security budgets are not increasing for a majority of organisations and
security remains the remit of IT in a majority also.
Awareness of and concern about fleless malware was reasonably high.
Fifty-nine per cent agreed with the statement, “Security is moving from
prevention to detection”.
Sixty-four per cent of our survey respondents were practicing a defence-
in-depth approach to security but the optimisation of layered security
architecture was being frustrated by a lack of skills and a seeming inability
of individuals to look at the bigger picture.
Finance represented the largest opportunity for blockchain in the short
to medium term. Sixteen per cent of our survey respondents were familiar
with blockchain and only 11 per cent were actually using it in their own
organisations.
Compliance with the GDPR and industry-specifc regulations were a
high priority for all of our respondents, yet more than 60 per cent of our
respondents had, at best, only just started to prepare.。