2013 Data Protection Maturity Trends: How Do You Compare?
Today’s Agenda
Data Protection Trends
Aspects of Data Protection: The Survey Says …
A Model of Data Protection Maturity
Recommendations
Today’s Panelists
Paul Henry
Security Consultant, Author and Columnist
Chris Merritt
Director of Solution Marketing, Lumension
Data Protection Trends
Changing IT Network Landscape
Source: Is BYOD Right for Your Small Business? by Melinda Emerson, PGi blog (24-Oct-2012)
Increasing Threats Landscape
Source: Expect a wave of Java applet attacks: Microsoft by Liam Tung, CSO Online (19-Nov-2012)
Increasing Threats Landscape
Source: New Report Out of Taiwan Says Prepare For APT Warfare, by Paul Henry in Optimal Security (Lumension) blog (15-Aug-2012)
Evolving Organizational Landscape
• According to the Ponemon Institute, 58% of organizations have more than 25 malware incidents each month, and another 20% are unsure how many incidents they’re dealing with. [1]
• The data breaches reported in 2012 increased almost 35% over 2011, according to datalossdb.org. [2]
• The average cost of a data breach was about $194 per record in 2011; of this, about 70% were indirect costs such as lost business, customer churn, etc. [3]
• About 70 – 80% of an organization’s market value is based on intangible assets such as IP. [4]
1. Ponemon Institute, 2013 State of the Endpoint (Dec-2012)
2. Based on data retrieved 11-Jan-2013.
3. Ponemon Institute, 2011 Cost of Data Breach Study (Mar-2012)
4. Ocean Tomo, http://www.oceantomo.com/about/intellectualcapitalequity
Uncertain Regulatory Landscape
Regulatory
• An effort is underway to modernize the European Union framework for data protection rules (GDPR)
• In the United States …
» we see continued pressure from the States on the data protection front
» on the Federal front, some are holding out hope for a comprehensive Cybersecurity Act, or an equivalent Executive Order
» for public companies, we now have SEC guidance on cyber risks
• Elsewhere, we see continued legislative action on data protection
» examples include: Colombia, Italy and Philippines
Industry
• Next PCI-DSS update scheduled for Oct-2013
• NERC CIP 5 scheduled for vote in Apr-2013
• Impact of legislation on FFIEC, NCUA, OCC, etc.
Aspects of Data Protection: The Survey Says …
Discovering the State of Data Protection
Worldwide Data Protection Maturity Assessment Survey
• Anonymous Results
• Over 406 Initial Respondents
• Respondent Screening
Three areas of focus
• Administrative Controls
• Technical Controls
• “Organizational Motivation”
Administrative Controls
Administrative Controls
Technical Controls
Technical Controls
Technical Controls
Organizational Motivation
Organizational Motivation
Organizational Motivation
A Data Protection Maturity Model
A Model for Data Protection Maturity
Data Protection Maturity Results
Rising to the Challenge
Creating Policies
• Ad Hoc: Minimal or No Security Policies
• Optimal: Comprehensive & Exhaustive
Educating Staff
• Ad Hoc: One-Time or No Training
• Optimal: On-Going, Formal Training
Enforcing Policies
• Ad Hoc: Limited Technical Controls
• Optimal: Robust Technical Controls
More Information
• Free Security Scanner Tools
» Application Scanner – discover all the apps being used in your network
» Vulnerability Scanner – discover all OS and application vulnerabilities on your network
» Device Scanner – discover all the devices being used in your network
http://www.lumension.com/Resources/Security-Tools.aspx
• Lumension® Endpoint Management and Security Suite
» Demo: http://www.lumension.com/endpoint-management-security-suite/demo.aspx
» Evaluation: http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx
• Get a Quote (and more): http://www.lumension.com/endpoint-management-security-suite/buy-now.aspx#2
Global Headquarters
8660 East Hartford Drive
Suite 300
Scottsdale, AZ 85255
1.888.725.7828
http://blog.lumension.com