- While the majority of organizations utilize advanced technology for sensitive data, including cloud, IoT, and big data, those same entities might not be implementing appropriate data security solutions, according to a recent survey.
Lagging cloud security measures, or even IoT security measures, could negatively impact organizations across numerous industries, including healthcare.
The 2017 Thales Data Threat Report, Advanced Technology Edition found that 93 percent of respondents will use sensitive data in an advanced technology (i.e cloud, IoT, Software-as-a-Service). However, 63 percent reported that their organization is deploying such technologies ahead of having the necessary security solutions in place.
"Most major cloud providers have larger staffs of highly-trained security professionals than any enterprise, and their scalability and redundancy can provide protection from the kinds of DDOS attacks that can plague on-premises workloads,” said Garrett Bekker, principal analyst for Information Security at 451 Research, which helped issue the report. “Perhaps, as a result of the recognition of these public cloud security realities, security concerns overall for public cloud are waning."
The healthcare edition of the Thales Data Threat Report, Trends in Encryption and Data Security found that four of five data security controls are driven by cloud and SaaS. This includes third-party key or Bring Your Own Key (BYOK), cloud access security brokers (CASB), and enabling cloud encryption.
Those types of security deployments will be rolled out in the next 12 months, the report found.
With current IT security implementations, 78 percent of healthcare respondents said they are using database or file encryption. Seventy-seven percent reported that their organization is utilizing data activity monitoring, while 73 percent said they are using multifactor authentication.
For healthcare specifically, 60 percent of healthcare respondents said that their entities deploy new technologies prior to implementing appropriate levels of data security.
Furthermore, 90 percent of US healthcare organizations stated that they feel a level of vulnerability when it comes to sensitive data threats. Approximately half of those same entities – 55 percent – said that they had experienced a data breach at any time in the past, while 20 percent said they had experienced on in 2017. Eighteen percent said they had experienced a data breach in 2016.
However, healthcare is also increasing its IT security spending, according to researchers, growing by 81 percent. The next highest vertical of growth was in financial services, with a 78 percent increase.
The highest areas of healthcare spending increases were in network security. Ninety-two percent of healthcare organizations reported that network security is very or extremely effective at protecting data, a 14 percent increase from 2016.
Furthermore, approximately two-thirds of those respondents believe endpoint protection is either very or extremely effective at protecting data.
In terms of the most dangerous types of insider threats, 61 percent of healthcare organizations said that privileged users posed the greatest danger to valuable data (i.e. PII, PHI, financial data). Forty-six percent of respondents said executive management posted the largest insider threat, while 33 percent reported that contractors were the greatest insider threat.
These survey findings are similar to those published in the 2017 Thales Data Threat Report earlier this year. In the first report, researchers found that companies are prioritizing network and endpoint solutions over encryption.
Specifically, 73 percent of organizations in numerous industries increased IT security spending for 2017, an increase from the reported 58 percent doing so in 2016.
Forty-four percent of respondents said meeting compliance requirements was their top spending priority, 38 percent of those surveyed reported that best practices were a key factor.
As more organizations utilize new technologies for data storage, transfer, and processing, traditional perimeter-based security controls, legacy network, and endpoint protection solutions are becoming increasingly less relevant, according to researchers.
"Enterprises today must inevitably confront an increasingly complicated threat landscape. Our world, which now includes the cloud, big data, the IoT and Docker, calls for robust IT security strategies that protect data in all its forms, at rest, in motion and in use,” Thales e-Security VP of Strategy Peter Galvin said in a statement. “Businesses need to invest in privacy-by-design defense mechanisms – such as encryption – to protect valuable data and intellectual property and view security as a business enabler that facilitates digital initiatives and builds trust between partners and customers."