From BYOD security to NSA breach by Edward Snowden

Majority enterprises say NSA breach by Edward Snowden is the most impactful incidents in terms of changing security strategies to protect against the latest threats.

For sixty eight percent businesses NSA breach by Edward Snowden and the number of retail/point of sale (PoS) system breaches in the past year were the most impactful incidents, said CyberArk’s 8th Annual Global Advanced Threat Landscape survey involving 373 C-level and IT security executives across North America, Europe and the Asia-Pacific.

The survey said Snowden and Retail/PoS Breaches influence security strategies the most.

When asked which cyber-attacks or data breaches in the past year had the biggest impact on their business’ security strategy:

37 percent of respondents cited the NSA/Edward Snowden breach; 31 percent of respondents cited the retail/PoS attacks; 19 percent of respondents cited government-sponsored espionage and Third-Party Privileged Access Emerges as Critical Security Vulnerability.

The survey said that 60 percent of businesses allow third-party vendors remote access to their internal networks. Of this group, 58 percent of organizations have no confidence that third-party vendors are securing and monitoring privileged access to their network.

52 percent of respondents believe that a cyber-attacker is currently on their network, or has been in the past year. 44 percent believe that attacks that reach the privileged account takeover stage are the most difficult to detect, respond to and remediate; 29 percent believe it is the malware implantation stage

Survey respondents stated that the following trends were the most impactful in terms of shaping and changing security strategies:

30 percent stated Bring Your Own Device (BYOD); 26 percent stated cloud computing; 21 percent stated regulatory compliance; 16 percent stated the Internet of Things (IoT).

When asked whether their organization had or was considering deploying security analytics, this year’s survey found that:

31 percent of businesses have already deployed security analytics in some form; 23 percent were planning on deploying security analytics in the next 12 months; 33 percent had no plans to leverage security analytics.


CA report study on BYOD in association with Ponemon Institute

Meanwhile, the CA report in association with Ponemon Institute said BYOID deployment using social IDs is still in its infancy, but interest is high, especially for mobile and web customer populations.

There is a high level of interest in BYOID and using social identities such as Facebook, LinkedIn or Yahoo, with 50 percent of IT and 63 percent of business users expressing high or very high interest.

Customers engaging with the business via the Web and mobile device were highest rated for targeted digital identity engagement, eclipsing other populations such as job recruits, employees, contractors and retirees.

Both IT and business users agreed that an important reason for BYOID adoption in their organization was to achieve a stronger identity credential and get a higher level of confidence that a user is who he says he is (69 percent and 65 percent respectively).

But business users cited capturing attributes about users as the biggest benefit (95 percent). This indicates an evolving view of identity. No longer viewed as simply a component for protecting data, identity is now seen as a value asset that can provide data which could drive incremental revenue and help maintain customers.

Additional security developments could drive increased BYOID adoption. The majority of IT and Business users said “identity validation processes” would help increase BYOID adoption (72 percent and 70 percent respectively).

Implementing fraud risk engines also rated among the top three across both groups. Interestingly only 27 percent of business respondents believed formal accreditation of the identity provider was very important / essential, while 59 percent of IT users believe formal accreditation is very important / essential.

When asked what social ID was of most interest to their organization, IT users ranked PayPal as the preferred identity provider across all regions. Business user responses varied with Amazon edging out PayPal and Microsoft. When asked what social ID respondents preferred as a consumer, Google was highest ranked among both IT users and business users.

[email protected]