webinar:
hidden threats
and the 2017
cyber threat
defense report

About The Cyberthreat Defense Report
❑ 27-question online survey conducted in
Nov 2016
▪ IT security decision maker or practitioner
▪ Employed by organization with at least 500
employees
❑ Survey designed to assess:
▪ Organization’s security posture
▪ Perceptions of cyberthreats and security
defenses
▪ Current and future IT security investments
▪ IT security practices and strategies
2

Survey Demographics
3
Respondents by employee countRespondents by country
1,100 respondents | 15 countries | 19 industries

Steadily Rising Cyberattacks
4
79% were affected by a successful
cyberattack in 2016…
Percentage compromised at least onceFrequency of successful attacks

Cyberthreat Migraines
5
Malware and spear-phishing are always top of
mind. Overall concern is rising!
Overall concern
for cyberthreats
is rising!

Feeling Ransomware’s Pain
6
Data loss and productivity loss
are of greatest concern. Losing
revenue isn’t.

Responding to Ransomware
Percentage affected by ransomware in 2016
61% of organizations affected by ransomware
globally. Thankfully, most (54%) recovered their
data without paying the ransom.

Room for Improving Office 365 Security
8
Only 1 in 3 is truly confident with Microsoft’s
available Office 365 protections, opening the
door to third-party solutions.

Biggest Obstacles to “Being Secure”
“Low security
awareness among
employees” is the
biggest obstacle
for the fourth
consecutive year.
When will the
industry take
notice?

App and Data Security Deployment Plans
10
App security testing, app vulnerability
scanning, and deception technology
are most sought after in 2017.

Threat Intelligence Practices
Blocking more threats remains the dominant
use case for threat intelligence services.

CASB Deployment Use Cases
12
Preventing unwanted data disclosures
remains the number one use case for
deploying CASB technology.

Overcoming the IT Security Skills Shortage
13
Nine out of 10 organizations are affected by
the skills shortage. Most (51%) are
leveraging external vendors and contractors.
Percentage
affected by the IT
security skills
shortage, by
industry

Key Take-Aways
❑ Successful cyber attacks are rising!
▪ 79% affected in 2017 vs. 62% in 2014
❑ Malware is the biggest headache for IT security teams
▪ Followed by phishing and insider threats
❑ Ransomware is a significant issue
▪ 61% of organizations affected
▪ One-third paid the ransom
▪ More than 13% lost their data
❑ CASBs are among the top investments planned for 2017
▪ Address a growing area of concern
▪ Rich feature set provides a lot of coverage/capabilities
14

poll:
what are your top
cloud security
concerns?

the traditional
approach to
security is
inadequate

enterprise
(CASB)
end-user devices
visibility & analytics
data protection
identity & access control
application
storage
servers
network
how does the solution differ from security built into
cloud apps?
app vendor

does the solution protect cloud data end-to-end?
■ Cloud data doesn’t exist only “in the cloud”
■ A complete solution must provide visibility
and control over data in the cloud
■ Solution must also protect data on end-
user devices
■ Leverage contextual access controls

can the solution control access from both managed &
unmanaged devices?
reverse proxy
■ unmanaged devices - any device, anywhere
■ no software to install/configure
forward proxy
■ managed devices - inline control for installed apps
■ agent and certificate based approaches
activesync proxy
■ secure email, calendar, etc on any mobile device
■ no software to install/configure

does the solution provide real-time visibility and
control?
■ Apply granular DLP to data-at-rest and upon access
■ Context-awareness should distinguish between users,
managed and unmanaged devices, and more
■ Flexible policy actions (DRM, quarantine, remove
share, etc) required to mitigate overall risk

does the solution protect against unauthorized access?
■ Cloud app identity management should
maintain the best practices of on-prem
identity
■ Cross-app visibility into suspicious access
activity with actions like step-up multifactor
authentication

secure
office 365
+ byod
client:
■ 35,000 employees globally
challenge:
■ Inadequate native O365 security
■ Controlled access from any device
■ Limit external sharing
■ Interoperable with existing infrastructure,
e.g. Bluecoat, ADFS
solution:
■ Real-time data visibility and control
■ DLP policy enforcement at upload or
download
■ Quarantine externally-shared sensitive
files in cloud
■ Controlled unmanaged device access
■ Shadow IT & Breach discovery
fortune 50
healthcare
firm

■ 15,000 employees in 190+ locations
globally
challenge:
■ Mitigate risks of Google Apps adoption
■ Prevent sensitive data from being stored
in the cloud
■ Limit data access based on device risk
level
■ Govern external sharing
solution:
■ Inline data protection for unmanaged
devices/BYOD
■ Bidirectional DLP
■ Real-time sharing control
secure
google
apps +
byod
business
data giant

about
bitglass
total
data
protection est. jan
2013
100+
customer
s
tier 1
VCs

resources:
more info about cloud security
■ whitepaper: the definitive guide to CASBs
■ report: cyberthreat defense
■ case study: fortune 100 healthcare firm secure
O365

bitglass.com
@bitglass