The evolution of data breach prevention practices
Despite the potential costs, legal consequences and other negative outcomes of data breaches, they continue to happen. A new SANS Institute survey looks at the preventive aspect of breaches – and what security and IT practitioners actually are, or are not, implementing for prevention.
The survey looked at how practitioners might overcome barriers to implementing effective prevention, including developing clear requirements and defining specific preventive measures, such as the role of automation, threat intelligence and others.
The findings illustrates an apparent disconnect between what is considered preventive by the majority of respondents and the measures that have been implemented for prevention:
- 85 percent of respondents consider blocking known malware as a preventive measure, yet less than half (40 percent) have implemented these methods
- 63 percent consider robust testing is preventive, while only 39 percent have implemented robust testing
- Nearly 60 percent consider metrics-based evaluation and reporting preventive but only 40 percent are using evaluation and reporting.
“Many data breaches can be avoided or the impact mitigated, but preventing them continues to be a challenge in the real world. The survey illustrates the disconnect between what respondents consider preventive controls versus what they have implemented as preventive measures,” said Barbara Filkins, senior analyst at the SANS Institute.
Respondents indicated that lack of enough staffing, inadequate budgets and a deficit of skills are barriers to preventing breaches. Limitations in legacy infrastructure also emerged as a factor prohibiting organization from not being more proactive in protecting critical data.
“We must change the way we think about cybersecurity today and address the gap between understanding preventative measures and actually implementing them,” said Rick Howard, CSO, Palo Alto Networks. “If we adopt a breach prevention-oriented mindset, the combination of next-generation technology, improvements in processes and training, and real-time sharing of threat intelligence, organizations can vastly reduce the number of successful attacks and restore the digital trust we all require for our global economy.”
“Data collected from survey respondents points to the need to better define prevention in terms of the metrics (qualitative or quantitative) that can be used to explain and justify preventive measures to management/decision makers in an organization,” said Filkins.
The survey also looked at how practitioners might overcome barriers to implementing effective prevention, including developing clear requirements and defining specific preventive measures, including the role of automation, threat intelligence and others.