This document summarizes a presentation on data protection trends and maturity. It discusses evolving threats like BYOD and advanced persistent threats. A survey found that most organizations struggle with administrative, technical, and motivational controls related to data protection. A maturity model was presented with levels ranging from ad hoc to optimal for areas like security policies, enforcement, and employee education. Recommendations included creating comprehensive policies, implementing robust technical controls, and providing ongoing security training.
7. Increasing Threats Landscape
Source: New Report Out of Taiwan Says Prepare For APT Warfare,
by Paul Henry in Optimal Security (Lumension) blog (15-Aug-2012)
8. Evolving Organizational Landscape
• According to the Ponemon Institute, 58% of organizations have more than 25 malware incidents each month, and another 20% are unsure how many incidents they’re dealing with. [1]
• The data breaches reported in 2012 increased almost 35% over 2011, according to datalossdb.org. [2]
• The average cost of a data breach was about $194 per record in 2011; of this, about 70% were indirect costs such as lost business, customer churn, etc. [3]
• About 70 – 80% of an organization’s market value is based on intangible assets such as IP. [4]
1. Ponemon Institute, 2013 State of the Endpoint (Dec-2012)
2. Based on data retrieved 11-Jan-2013.
3. Ponemon Institute, 2011 Cost of Data Breach Study (Mar-2012)
4. Ocean Tomo, http://www.oceantomo.com/about/intellectualcapitalequity
9. Uncertain Regulatory Landscape
Regulatory
• An effort is underway to modernize the European Union framework for
data protection rules (GDPR)
• In the United States …
» we see continued pressure from the States on the data protection front
» on the Federal front, some are holding out hope for a comprehensive
Cybersecurity Act, or an equivalent Executive Order
» for public companies, we now have SEC guidance on cyber risks
• Elsewhere, we see continued legislative action on data protection
» examples include: Colombia, Italy and Philippines
Industry
• Next PCI-DSS update scheduled for Oct-2013
• NERC CIP 5 scheduled for vote in Apr-2013
• Impact of legislation on FFIEC, NCUA, OCC, etc.
11. Discovering the State of Data Protection
Worldwide Data Protection Maturity Assessment Survey
• Anonymous Results
• Over 406 Initial Respondents
• Respondent Screening
Three areas of focus
• Administrative Controls
• Technical Controls
• “Organizational Motivation”
23. Rising to the Challenge
Creating Policies
• Ad Hoc: Minimal or No Security Policies
• Optimal: Comprehensive & Exhaustive
Enforcing Policies
• Ad Hoc: Limited Technical Controls
• Optimal: Robust Technical Controls
Educating Staff
• Ad Hoc: One-Time or No Training
• Optimal: On-Going, Formal Training
24. More Information
• Free Security Scanner Tools
» Application Scanner – discover all the apps being used in your network
» Vulnerability Scanner – discover all OS and application vulnerabilities on your network
» Device Scanner – discover all the devices being used in your network
http://www.lumension.com/Resources/Security-Tools.aspx
• Lumension® Endpoint Management and Security Suite
» Demo: http://www.lumension.com/endpoint-management-security-suite/demo.aspx
» Evaluation: http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx
• Get a Quote (and more)
http://www.lumension.com/endpoint-management-security-suite/buy-now.aspx#2
25. Global Headquarters
8660 East Hartford Drive
Suite 300
Scottsdale, AZ 85255
1.888.725.7828
info@lumension.com
http://blog.lumension.com