Every CEO/CIO’s Worst Nightmare

Most organizations today are data-driven to one degree or another.  Companies that excel at creating value from their data are well-positioned for growth and prosperity. While data provides many insights that can benefit a business, that information comes at a price. A big chunk of corporate data includes personal, and often sensitive, information that belongs to others — customers, partners and employees.

To be sure, data is fast becoming a centerpiece of corporate value creation, and while it is difficult to quantify the precise monetary worth of data, — a data breach could cost them their jobs and take down their businesses.

Want to know what keeps CEOs and CIOs up at night? Start with cyber threats and data breaches.

Cyber threats and data breaches abound

Securing on-premise servers, networks, applications and systems is difficult. Today, increasing use of the cloud, ubiquitous mobility, emerging trends and technologies such as Cloud Environments, Internet of Things (IoT), Bring-Your-Own-Application (BYOA) and Bring-Your-Own Devices (BYOD) makes security infinitely more challenging and complex.

Cyber attacks and data breaches are on the rise this year, thanks in large part to the proliferation of affordable, customizable and accessible tools for cyber criminals. As reported in WSJ, the number of U.S. data breaches jumped to a record 791 in the first six months of 2017, according to the nonprofit Identity Theft Resource Center and data security firm CyberScout.

High-profile breaches at household-name companies such as Target, T.J. Maxx, Home Depot, Sony, and most recently, Equifax (among many others) have catapulted data security to the top of the board-level worry list.

Findings from a recent survey of security professionals published in CIO Insight illustrate the concern over the increasingly varied and numerous types of cyber threat:

• Unauthorized access: 67%
• Data leakage/external sharing of data: 65%
• Denial of service attacks: 52%
• Insecure interfaces/APIs: 48%
• Posting confidential data by insiders: 33%
• Foreign state-sponsored cyber-attacks: 32%
• Abuse of cloud services: 32%
• Malware injection: 31%

The high costs of cyber crimes

It’s not easy to pinpoint the total cost of cyber crimes, in part because industrial espionage and other crimes often go undetected or unreported for years. When crimes are identified, there are numerous indirect costs to calculate on top of the direct damage organizations suffer. And those indirect costs, such as post-attack revenue loss, may go on for years. With that said, estimates of the costs of cyber crimes are now reaching into the trillions of dollars — and rising.

• According to the British insurance company Lloyd’s, cyber attacks cost organizations as much as $400 billion in 2015.
• Juniper Research predicts that data breaches will cost $2.1 trillion globally by 2019, which is almost four times more than in 2015.
• The impact of cyber threats is rising in the US, with the average cost of a data breach now over $7 million according to research by the Ponemon Institute, as reported in BusinessInsider.

Spending on security soars

As the number of reported data breaches continues to blitz companies around the globe, IT budgets are ballooning to combat what corporations see as their greatest threat:

• According to a CRN survey, 80% of CIOs plan on increasing spending on security technology in 2017.
• A survey conducted by Nomura Holdings, an Asian financial services group with a network spanning the globe, found that 82% of CIOs cite security as the main investment priority this year (CIODive).
• According to Gartner, worldwide spending on Information Security will reach $90 billion in 2017.

Traditional perimeter-based security tools do little to protect cloud workloads. Securing data and applications that reside in the cloud requires a different approach than a traditional on-premise environment. It is increasingly critical to apply new security approaches as more mission-critical applications and high-value data and intellectual property move to the cloud. Accordingly, experts predict strong spending on cloud security over the years ahead:

• Growth in worldwide cloud-based security services will reach $5.9 billion in 2017, up 21% from 2016, and will reach close to $9 billion by 2020, according to Gartner.
• MarketsandMarkets expects the cloud security market to grow from $4.09 billion in 2017 to $12.73 billion by 2022, at a CAGR of 25.5%.
• The cloud security market will grow from $1.5 billion in 2017 to $3.5 billion in 2021, according to Forrester.

Oracle is getting bigger on security (cloud and otherwise)

A longtime leader in technology and information security, Oracle’s security solutions align people, processes, and technology with integrated, defense-in-depth security features at every layer of the computing stack, providing a complete approach to security that incorporates preventive, detective, and predictive controls, along with artificial intelligence and machine learning to enable actionable security intelligence. Oracle provides a complete identity and security solution for secure access and monitoring of any hybrid cloud environment and addresses governance and compliance requirements.

Oracle Security products incorporate powerful preventive and detective security controls, including transparent data encryption, encryption key management, privileged user and multifactor access control, data classification and discovery, database activity monitoring and blocking, consolidated auditing and reporting, and data masking. Oracle security solutions deliver an identity SOC providing actionable intelligence and bi-directional control through a combined offering of various security solutions –  Database Security, Identity and Access Management, Governance, IDaaS, API Security, Entitlement, SIEM, UEBA and CASB.

At OpenWorld 2017, Oracle announced that the first Autonomous Database Cloud for data warehouse workloads will be available in the calendar year. The Autonomous Database Cloud eliminates the human labor (and error) associated with tuning, patching, updating and maintaining the database, delivering unprecedented availability, performance, and security — at a significantly lower cost.

Oracle’s complete, integrated, next-generation identity management platform provides breakthrough scalability with an industry-leading suite of identity and access management (IAM) solutions for on-premises or hybrid cloud, making leading security technologies available everywhere to organizations large and small and enabling organizations to implement and manage consistent security policies across hybrid data centers.

Oracle’s Identity and Access Management-as-a-Service (IDaaS) solution, Identity Cloud Service (IDCS), was rated at the top of the industry within a year of its launch and was featured as the leader in Gartner’s latest MQ for Access Management. The product is an Oracle home-grown, open and standards-based solution,  is easy to integrate and is extremely price-competitive.

Oracle CASB Cloud Service is a multimode cloud access security broker (CASB) that provides advanced threat analytics using user behavior analytics (UBA) and third-party feeds, configuration seeding, monitoring and alerts, and Shadow IT discovery. It provides features such as Threat Detection, Predictive Analytics, Automated Incident Response and Security Configuration Management. Oracle CASB adoptions are extremely high for other Cloud applications such as Salesforce and AWS.

Oracle Security Monitoring and Analytics (SMA) Cloud Service is an integrated SIEM and UEBA solution for rapid detection, investigation, and remediation of a broad range of security threats and attacks across IT. Oracle’s Identity-based Security Operations Center (SOC) framework provides comprehensive monitoring, threat detection, analytics, and remediation tools across hybrid environments that include on-premises and cloud resources. Oracle security cloud services are designed to unify threat, user, and operational data from multiple sources.

A managed security operations center (SOC) is in your future

Corporate thinking on public cloud security has pretty much reversed over the past few years. IT executives once viewed this shared computing and storage infrastructure as their least trustworthy option. But now they see it as the safest choice, as evidenced by both the rate of public cloud adoption and the increasing mission-criticality of cloud workloads through Cloud IaaS, PaaS or SaaS.

This only makes sense given the vast wealth, resources and expertise public cloud providers have at their disposal to apply to security, not to mention the motivation that comes with the realization that their very existence hinges on their ability to secure and protect customer data. It is no surprise that world-class security has become a core competency and value proposition of most major cloud providers.

In the past, CIOs were reluctant to move their companies’ sensitive data to the cloud because of security concerns. Now security is a compelling reason to move it onto the Cloud.

But here’s the rub: With increased cloud use comes increased anxiety over security, as CIOs come to grip with the fact that traditional security solutions either don’t work at all in the cloud or don’t work to satisfy the company’s required needs. In addition, there’s a glaring resource and skills gap. According to a recent CIODive survey, concern among IT leaders about the lack of resources and expertise in cloud security grew from 27% in 2015 to 32% in 2016.

While trust in cloud providers is growing, faith in internal IT’s ability to provide ironclad security and governance in a hybrid and multi-cloud environment is waning.

Moreover, employee-related security risk — which is beyond the purview of cloud providers — remains a top concern.

According to a new survey reported in DarkReading, more than half of organizations attribute a security incident or data breach to a malicious or negligent employee. 66% of the 601 data protection and privacy training professionals surveyed say their employees are the weakest link in their efforts to create a strong security posture.

According to leading industry and government reports, as reported by Identity Management Institute, over 90% of all cyber attacks are successfully executed with information stolen from employees who unwittingly give away their system ID and access credentials to hackers.

More than ever, today’s cloud-heavy IT environments require security-trained, certified professionals and innovative security tools to address the concerns of unauthorized access, data and privacy loss, and compliance.

Overwhelmed by the proliferation of attacks and attack vectors, confused by the array of vendor security solutions, and stymied by their inability to find and hire security experts, CIOs across industries are turning to third-party service providers such as AST for answers, and peace of mind.

Top reasons for engaging a managed services security partner (MSSP) include cost savings, access to skilled professionals, 24/7/365 protection, and proven security expertise.

A well-functioning security operations center (SOC) can form the heart of effective detection, enabling information security functions to respond faster, work more collaboratively and share knowledge more effectively.

At the core, a successful SOC is a strong foundation for operational excellence driven by well-designed and executed processes, strong governance, capable individuals and a constant drive for continuous improvement to stay ahead of cyber adversaries. A good SOC is one that supports business objectives and effectively improves a company’s risk posture. A truly effective SOC is one that provides a safe environment for the business to deliver on its core objectives in line with its strategic direction and vision.

Contact AST today to learn how our Oracle Cloud experts can help your organization better protect itself from cyber threats and data breaches by running a secured enterprise.