2014 Security Breaches Report
November 6, 2014 | DevOps | Kevin O'Brien
In 2013, “84 percent of CEOs and 82 percent of CIOs stated that they believed that their cybersecurity programs were currently effective” (source). 2014 security breaches, or at least those that were known about, rose 62% in comparison to the year prior.
More of the same isn’t working.
A security education vendor released an infographic this week that pointed out that the cybersecurity space is facing a dual challenge: there are simultaneously more advanced attacks taking place than ever before, but also fewer trained professionals who can address them, and downward pressure on the educational system that is supposedly training the next generation of InfoSec experts.
In 2014, the average detection times for advanced persistent attacks rose to just under eight months. The net cost to the US economy of known breaches rose to $3 trillion. In spite of this, 62% of organizations haven’t invested in cybersecurity training programs in 2014, at all; 1 in 3 security teams aren’t familiar with how to defend against advanced hacking attempts against their systems and organizations.
It’s a bleak picture.
Going into Battle with The Army You Have
In a sense, cybersecurity is a resource allocation problem. Addressing the risks requires a combination of understanding and minimizing the threat surface, building a robust and fault-tolerant detection and prevention system into your infrastructure, and ensuring that you have world-class audit and response mechanisms in place to minimize the time and cost of dealing with issues as they arise.
As infrastructure changes, the best practices for “baking in” security are also evolving. Over the course of the past few months, we’ve spent a significant amount of time working with our partners and customers on how to build out a strong security model for highly automated infrastructure. Three consistent themes have emerged from those discussions: the need for good permissions management, strong secrets storage and distribution, and robust audit and compliance:
In other words, a model is emerging for securing modern infrastructure: