Internal process issues top the list of reasons for security breaches
With "Internal process issues" topping the list of reasons for security incidents, factors like well-structured policy and controls, employee training, encryption at rest, secure passwords, vetting third-party vendor access, and others should gain renewed importance among organizations.
DDoS attacks rank first in the list of security issues faced in the last 12 months
Numerous respondents reported that they faced no security attacks in the last 12 months. This demonstrates that businesses are adapting to the new threat landscape and have identified and filled holes in their cyber security strategy. However, common types of cyberattacks like DDoS continue to be a problem.
Insufficient logging & monitoring tops the list of OWASP web application security risks
The big question! Is there a consensus between the OWASP Top 10 awareness document and the data collected from the respondents? Top web application security risks like injection flaws, broken authentication, and sensitive data exposure are prevalent across all regions. However, insufficient logging and monitoring takes the top spot in some regions.
Cloud security tops the list of various cyber security investment areas
The data suggests that vulnerability around cloud-based services is still driving organizations to invest in security solutions that can help improve their security posture at every stage of the cloud journey, from migration to production.
With the threat landscape constantly evolving, from traditional IT assets to new areas like IoT, the need to spend on a unified threat management service that could enhance security operations capabilities also seems pretty apparent. Finally, software that ensures every user has the right level of access to data is another area where organizations are looking to spend.
Robust password policies top the list of recommendations to mitigate infrastructure security risk
Ensuring the security of network infrastructure is no easy task. With so many components and evolving cyber attacks, a single preventive measure to protect the network from unauthorized access may not be the right approach. The responses we received seem to mirror this. Regular network intrusion testing, updating security patches immediately, VPNs to help with access controls, stronger passwords, and more were some of the top measures teams were employing.
Web application firewalls top the list of recommendations to mitigate application security risk
As with network security, application security isn't a single-headed monster either, and the respondents' approach to tackling it remains equally multi-faceted. This includes web application firewalls (WAFs), penetration testing, DDoS protection mechanisms, and more.