Privacy, cloud and evolving threats: a survey of Forcepoint customer cybersecurity concerns

In preparation for our upcoming
2019 Forcepoint Cybersecurity Predictions Study
(check out the 2018 report here), Forcepoint surveyed our customers to observe the security bug they’ve experienced this twelvemonth and their concerns for 2019. Over ii weeks in early October, we worked with TechValidate to survey 1,023 customers from 75 countries effectually the world. The respondents’ titles ranged from It Professionals to CIOs and CEOs in 40 industries from Agriculture to Telecom to Government.

Privacy and GDPR were Large in 2018

When asked nearly their cybersecurity issues in 2018, “privacy” was named as the superlative concern with 56% of respondents citing this[i]. Additionally, 59% said their customers or employees raised privacy concerns.[ii] Yet, while privacy was the top issue, it’s non universal amid our customers or their users and clients. That could alter with the ongoing privacy concerns around social media companies, such every bit the Facebook breach in September 2018.

Potentially i reason companies focused on privacy in 2018 was that it was the “year of GDPR.” “Getting ready for GDPR or other legislation” came in third and was cited by 37% of respondents as a security issue they faced in 2018. When asked about training for GDPR, 86% stated they were at least “prepared.”[three] 14% were “not prepared” and if they haven’t addressed that issue by the stop of 2018 it will likely be an ongoing business in 2019.

[Suggested resource: GDPR Resource Pack]

We as well asked if workplace monitoring was discussed in their organizations and 84% said it was. [iv]  The summit concern raised in those discussions was “who sees the data that is collected” with 49%, and 38% were concerned nearly “infringement of personal privacy”—further demonstrating the focus on privacy.

Cloud Migration Continues to Cause Business organisation

The second most common security issue experienced in 2018 was “security when moving assets or data to the cloud” with 41%. It looks to be a continuing business with 94% of respondents maxim it’s an important upshot for their organization.[v]

When asked most the level of security provided by cloud vendors, 92% said they were concerned and 58% are looking for trustworthy providers with a strong reputation for security – this contingent will be unlikely to choose unproven or unknown cloud startups for their data.[vi]

Surprisingly, almost xx% were not concerned about security in their cloud providers, stating that “most or all cloud vendors provide the security we need for our information.” This confidence may exist misplaced as we’ve seen companies and regime entities that use cloud storage feel data leaks similar the exposure of millions of customers’ personal information by Dow Jones & Co. after a public deject configuration error or the recent Salesforce Marketing Cloud API glitch. While vendors may evangelize basic security, information technology’s all the same up to companies to ensure that their data is safe. This is even more critical as additional regulations around data privacy are enacted.

[Suggested resources: Pace by step guide to defining policies for cloud compliance]

Worries about Critical Infrastructure

While deject storage and applications are becoming more and more central to companies’ operations, some infrastructure has always been business concern disquisitional, and oftentimes outside IT’s control. Later on 2017’southward devasting NotPetya attack affected infrastructure across the earth, we found that 88% of respondents are concerned most potential attacks on the critical infrastructure (CI) their organization relies on (such as manufacturing facilities, transportation systems, financial services or energy supplies). [vii]  8% are non concerned which could be a role of the fact that Information technology has traditionally not been responsible for infrastructure security or confidence that their CI is secure.

Finding Residual in the Cybersecurity Future

Between responding to new regulations, enacting controls to ensure privacy, migrating data and operations to the cloud, and worrying virtually future attacks on infrastructure, many professionals are nonetheless grappling with daily Information technology challenges. We heard numerous comments about the ongoing difficulty of balancing the access their employees need to be productive with maintaining security.

A director at a medium enterprise financial services company said, “We continue our network locked down by default, just the new generation of employees (and product vendors) seem to think that the unabridged internet is open and bachelor at all times, social media, cloud, etc. At that place is a constant struggle of allowing just plenty access to get work done but keep everything monitored and access blocked where necessary.”[viii] “In 2019, we are concerned with keeping our organization secure without limiting our ability to provide seamless access to information and applications that our users demand,”[ix] said a senior systems engineer from a mid-size healthcare facility.

Adapting to Evolving Threats and the Ongoing Challenge of Human being Behavior

The constant footstep of change in attacks, such as more sophisticated ransomware and phishing attacks, is making this balance more than difficult. 99% of our respondents identified “evolving cyber attacks” as an important security issue for their organization.[x]

A senior Information technology architect at an South&P 500 hospitality visitor said, “I am concerned about APT and insider threats, considering they are constantly evolving.”[xi] We also heard that “Hacker attacks are changing with each passing twenty-four hour period”[xii] and business concern nigh the rising of phishing emails targeting specifically the finance department. In order to address these threats respondents are looking for active security tools that tin conform to the pace of modify.

They’re besides struggling with how to ensure their employees and users not fall victim to the bait. Nosotros heard multiple comments about human error. An engineer from a medium enterprise health care company said, “Data theft and ransomware seem to still be high on our priority list. User instruction on social engineering seems to be the weakest point.
It is hard to protect against the human element.”[xiii] Some other respondent said, “Human mistakes are the biggest challenge
and will always be a major issue.”[xiv]

With the multitude of demands and responsibilities cybersecurity professionals told us they face, we expect our customers to rely on solutions that provide the power to scale and adapt. 99% of respondents say “understanding employee behavior is important to ensuring security”[xv] which is 1 style to brand security functions more efficient and effective. Forcepoint’s human being-behavior-focused cybersecurity strategies assist our customers address the challenges they face today and gear up for the threats all the same to come.