Cybersecurity spending priorities not keeping pace with emerging tech
Cyberattacks – they never stop. Lately, SamSam ransomware attacks have steadily increased across all industries, including healthcare. Just last week two Indiana hospitals were hit, and Allscripts' hosted EHR was hobbled for days. Then there are Spectre and Meltdown, chip vulnerabilities that could wreak havoc on healthcare cybersecurity, potentially affecting personally identifiable information leakage and medical device security problems.
But EHRs and computer chips are basic technologies at the point. Even more transformative emerging tech are shaping the way industries including healthcare do business, according to a new study from cybersecurity vendor Thales, which found that 94 percent of organizations have sensitive data in cloud, big data, internet of things, blockchain and/or mobile environments.
For example, 42 percent of all organizations use software-as-a-service applications, 99 percent use big data, and 94 percent are implementing IoT technologies, according to the "2018 Thales Data Threat Report, Global Edition," issued in conjunction with analyst firm 451 Research.
But the rush to embrace those new computing and data environments has created more attack surfaces and new risks for data that need to be offset by data security controls, the report shows. The extent and impact of increased threats is most clearly shown in levels of data breaches and vulnerability.
In 2018, 67 percent of the study’s survey respondents were breached, with 36 percent breached in the last year – a marked increase from 2017, which saw 26 percent breached in the last year, the study found. Consequently, 44 percent of respondents feel “very” or “extremely” vulnerable to data threats.
The study noted that the times have clearly changed with respect to technological advancements, but security strategies have not – in large part because spending realities do not match up with what works best to protect data.
For instance, 77 percent of respondents cite data-at-rest security solutions as being most effective at preventing breaches, with network security (75 percent) and data-in-motion (75 percent) following close behind.
Despite this, 57 percent of respondents are spending the most on endpoint and mobile security technologies, followed by analysis and correlation tools (50 percent). When it comes to protecting data, the gap between perception and reality is apparent, with data-at-rest security solutions coming in at the bottom (40 percent) of IT security spending priorities.
This disconnect also is reflected in organizations’ attitude toward encryption, a key technology with a proven track record of protecting data. While spending decisions don’t reflect its popularity, survey respondents still express a strong interest in deploying encryption technologies.
For example, 44 percent cite encryption as the top tool for increased cloud usage. 35 percent believe encryption is necessary to drive Big Data adoption – only three points behind the top perceived driver, identity technologies (38 percent), and one point behind the second (improved monitoring and reporting tools, at 36 percent).
Forty-eight percent cite encryption as the top tool for protecting IoT deployments. In addition, encryption technologies top the list of desired data security purchases in the next year, with 44 percent citing tokenization capabilities as the number one priority, followed by encryption with "bring your own key" capabilities.
“This year we found that organizations are dealing with massive change as a result of digital transformation, but this change is creating new attack surfaces and new risks that need to be offset by data security controls,” said Garrett Bekker, principal security analyst, information security, at 451 Research, and author of the study.
“But while times have changed, security strategies have not – security spending increases that focus on the data itself are at the bottom of IT security spending priorities, leaving customer data, financial information and intellectual property severely at risk," he added.
If security strategies aren’t equally as dynamic in this fast-changing threat environment, Bekker said, the rate of breaches will continue to increase.