We asked professionals attending two of the world’s biggest cybersecurity conferences – RSA in San Francisco and Infosecurity in London – five questions to gauge their opinions and attitudes about current issues and concerns on everything from GDPR and the Facebook data scandal to cloud security. Read on to discover what we found after surveying folks who live and breathe security every day.
Question 1: Should the U.S. and/or individual states standardize data privacy laws (including the right to be forgotten)?
Companies around the world scrambled to locate and lock down their data as the highly anticipated EU GDPR deadline arrived on May 25, 2018. EU citizens welcomed the GDPR, gaining control of their data and flexing their data privacy muscles. For the first time, consumers could demand companies locate and delete their personal information with the GDPR’s “right to be forgotten” policy.
The GDPR deadline brought a wave of “privacy policy warning” pop-ups. Websites big and small updated their privacy policies to accommodate the new guidelines to cover their bases. While many organizations are still figuring out what it takes to comply, some U.S. states, such as California, are getting a serious case of GDPR envy and crafting data privacy laws modeled after the EU legislation. This is only the beginning and more states will likely follow with laws of their own.
Our survey found that 90% of cybersecurity professionals believe the U.S. and individual states should standardize data privacy laws. New data laws could be game changers for organizations of all sizes: Most companies are not equipped to handle the influx of consumer requests and meet their new data obligations under these new laws.
Question 2: In the wake of the Facebook/Cambridge Analytica news, will you continue to use Facebook?
When Facebook and Cambridge Analytica were caught red-handed harvesting and misusing personal data of 87 million users – in violation of its own terms and conditions – some expected a backlash against the social media giant.
Despite the recent controversy, 54% of security pros plan to continue to use Facebook. However, many may be starting to think before they “like,” or delete accounts entirely, with 42% of security pros stating they’ve stopped using Facebook (21%) or don’t use Facebook (21%).
Question 3: Where would your organization’s proprietary information and customer data be best protected from insider threats and cyberattacks?
While “cloud” is one of the biggest security buzzwords of 2018, the reality is most organizations follow a hybrid model and store their data both on-premises and in the cloud.
Recent attacks have shown that organizations can’t put all their eggs in the cloud basket and trust that their data is safe. For example, unsuspecting administrators from companies like FedEx, the Republican National Committee and Accenture all left important data exposed on Amazon Web Services S3 buckets – demonstrating that the cloud is still vulnerable when basic security principles aren’t followed.
Got cloud? Not so fast: 40% of respondents believe their data is best protected from insider threats and cyber attacks in on-premises data stores. 23% of cybersecurity professionals believe their organization’s proprietary data is safest in cloud data stores. 34% of respondents said it doesn’t matter where data is stored.
Question 4: Does your organization keep Bitcoin in reserve to pay off attackers?
When the cold, hard (digital) cash became hackers’ preferred payment method after hitting victims with ransomware, companies started to stockpile Bitcoin for fast access to get their data back – or were they?
Following the monumental WannaCry ransomware attack, which cost organizations around the world (by some estimates) nearly $4 billion in losses, organizations aren’t seeing the need to save the controversial cryptocurrency for a rainy day. The vast majority — 84% of respondents — stated that their organization doesn’t keep Bitcoin on hand. Just 13% of cybersecurity professionals are saving Bitcoin for a possible attack.
Question 5: Is your organization better at protecting itself from cybersecurity threats than it was one year ago?
A lot can happen in a year: a plethora of social media breaches, a continued surge in cloud migrations, the introduction of several new data-privacy laws, and more. According to respondents, more than half (64%) believe they are in better cybersecurity shape than last year, while 16% say they’re doing about the same at warding off attacks.
Are organizations overly confident in their security? Some companies may be overdue for a reality check: Earlier this year, we found that 58% of organizations have more than 100,000 folders with sensitive open to all employees – putting them at risk from insider attacks, ransomware and other threats.