During our 13th Annual Computer and Enterprise Investigations Conference (CEIC) in May, we conducted a survey of more than 150 attendees from the security, law-enforcement, and e-discovery fields to get first-hand insights on shifting priorities in enterprise and government security teams. It was not a surprise that “length of time to resolve attacks” came in as the chief cybersecurity concern. In addition, 24 percent also said they were concerned about insider threats.
Information Security Under the “Assumption of Compromise”
Security teams are beginning to operate under the assumption that their organizations are already compromised. They are becoming increasingly aware that the longer a threat lurks unidentified in their environment, the greater the potential impact in terms of productivity loss, revenue loss, and the expense of remediation. As organizations face the increasing risk of data theft, escalating response costs and damage to their reputation, one of their chief concerns is the length of time an attack is left unidentified and unresolved.
Organizations are replacing outdated incident response methods involving home-grown tools coupled with manual investigation with automated detection and incident response products, such as EnCase Cybersecurity and EnCase Analytics, to reduce the gap between detecting an incident and mobilizing a rapid response.
Organizations are also cracking down on BYOD. Just over half (51 percent) of survey participants said their companies allow employees to bring their own devices to work, a sharp decline from the previous year's results (78 percent). Thirty-two percent of respondents said their companies ban usage of non-company devices for work-related tasks, which was up from 22 percent in 2012.
BYOD concerns that are driven by the assumption of compromise are further aggravated by the reality of a “vanishing perimeter.” Encouraged by liberal BYOD policies, employees are bringing their own devices to work, equipped with non-standard applications and personal data. Often these devices lack adequate security measures. As a consequence, what was previously understood by infosec teams as the “enterprise perimeter” has begun to dissipate and, at times, disappear entirely.
Regarding the impact the cloud would have on their organizations’ e-discovery processes, 38 percent of the respondents said they expected it would result in more complicated data collections, which was down from 54 percent in 2012.
The CEIC Survey results demonstrate that organizations are increasingly concerned about the ability to adequately protect their infrastructure using traditional security methods.
Call for Speakers at CEIC 2014: In 2014, CEIC will be held in Las Vegas from May 19 to 22. If you are interested in attending or speaking, please visit the CEIC website. What will the big trends be next year? We look forward to seeing you there and continuing the discussion.