Fundamental changes are occurring in the way enterprises protect their data. That is according to a survey of corporate information security practitioners, by Ari Kaplan Advisors, published by Nuix.
Ari Kaplan, the report’s author and principal researcher, said: “Our goal was to capture a broad range of perspectives to help corporate information security leaders navigate this dynamically shifting landscape. What we found was an effort to balance breach prevention with post-breach remediation. We also noted increasing collaboration between security specialists and data owners, and a growing tension between enhancing productivity and strengthening security.”
The report showed strong consensus among infosec security people that “perimeter defence is no longer a sufficient information security strategy.” Nearly three-quarters (73 per cent) of respondents said their cyber-security needs had changed in the past 12 months and 69 per cent said they expected them to change again in the next year. As a result, 27 per cent of respondents said they formally reassessed their cybersecurity needs quarterly, and a further 31 per cent did so annually.
The report found that information security officers and data custodians would need to share responsibility for “knowing where different pieces of sensitive information were kept and ensuring that they were stored securely.” This required partnering with “eDiscovery, in-house counsel, records management, and information governance.” Such collaboration was a daily event for 23 per cent of survey participants, and at least monthly for 54 per cent.
The increasing use of mobile and personal devices to access corporate systems have “expanded the perimeter beyond what any corporate can control, introducing threats that you cannot fully monitor,” one respondent explained. But while 96 per cent of respondents said their companies allowed remote access to systems, only 69 per cent had formal “bring your own device” policies; the remainder allowing such activity to go unmanaged.
Respondents also reported needing to balance these new security challenges with business needs to “enhance productivity, promote workplace flexibility, and improve the customer experience.”
Dr Jim Kent, Nuix’s Global Head of Investigations and Cybersecurity, said: “This report confirms and clarifies what we’ve been hearing in the marketplace, that information security is undergoing a profound change and entering a new phase. We’ll be very interested to see how this transformation works its way through the business community as we repeat this benchmarking survey next year and into the future.”
About the report
The report Defending Data: An Inside Look at How Corporate Security Officials Are Navigating a Constantly Shifting Information Landscape was written by Ari Kaplan Advisors and sponsored by Nuix. It involved interviews of 26 corporate information security practitioners and four people with experience across thousands of security breach investigations. The report is available from www.nuix.com/defending-data.
Report author Ari Kaplan will discuss the survey findings and their implications for information security with Dr Kent, Amie Tahl, Vice President of Security and Investigations at Deutsche Bank, Mike Kennemer, Global Security Architect at Celanese, and Nuix’s Chief Technical Officer Stephen Stewart in a webinar on December 3, at 4pm GMT (UK). To register, visit www.nuix.com/defending-data-webinar.
