2013 Data Protection Maturity Trends: How Do You Compare?

Today’s Agenda

Data Protection Trends

Aspects of Data Protection: The Survey Says …

A Model of Data Protection Maturity

Recommendations

Today’s Panelists

3

Paul HenrySecurity Consultant, Author

and Columnist

Chris MerrittDirector of Solution Marketing

Lumension

Data Protection Trends

5

Changing IT Network Landscape

Source: Is BYOD Right for Your Small Business? by Melinda Emerson, PGi blog (24-Oct-2012)

6

Increasing Threats Landscape

Source: Expect a wave of Java applet attacks: Microsoft by Liam Tung, CSO Online (19-Nov-2012)

7

Increasing Threats Landscape

Source: New Report Out of Taiwan Says Prepare For APT Warfare, by Paul Henry in Optimal Security (Lumension) blog (15-Aug-2012)

8

Evolving Organizational Landscape

• According to the Ponemon Institute, 58% of organizations have more than 25 malware incidents each month, and another 20% are unsure how many incidents they’re dealing with.1

• The data breaches reported in 2012 increased almost 35% over 2011, according to datalossdb.org.2

• The average cost of a data breach was about $194 per record in 2011;of this, about 70% were indirect costs such as lost business, cus-tomer churn, etc.3

• About 70 – 80% of an organization’smarket value is based on intangibleassets such as IP.4

1. Ponemon Institute, 2013 State of the Endpoint (Dec-2012)2. Based on data retrieved 11-Jan-2013.3. Ponemon Institute, 2011 Cost of Data Breach Study (Mar-2012)4. Ocean Tomo, http://www.oceantomo.com/about/intellectualcapitalequity

9

Uncertain Regulatory Landscape

Regulatory• An effort is underway to modernize the European Union framework for

data protection rules (GDPR)• In the United States …

» we see continued pressure from the States on the data protection front» on the Federal front, some are holding out hope for a comprehensive

Cybersecurity Act, or an equivalent Executive Order» for public companies, we now have SEC guidance on cyber risks

• Elsewhere, we see continued legislative action on data protection» examples include: Colombia, Italy and Philippines

Industry• Next PCI-DSS update scheduled for Oct-2013• NERC CIP 5 scheduled for vote in Apr-2013• Impact of legislation on FFIEC, NCUA, OCC, etc.

Aspects of Data Protection: The Survey Says …

11

Discovering the State of Data Protection

Worldwide Data Protection Maturity Assessment Survey• Anonymous Results • Over 406 Initial Respondents • Respondent Screening

Three areas of focus• Administrative Controls• Technical Controls • “Organizational Motivation”

12

Administrative Controls

13

Administrative Controls

Technical Controls

14

Technical Controls

15

Technical Controls

16

Organizational Motivation

17

Organizational Motivation

18

Organizational Motivation

19

A Data Protection Maturity Model

A Model for Data Protection Maturity

21

Data Protection Maturity Results

22

Rising to the Challenge

23

Creating Policies• Ad Hoc: Minimal or No Security Policies• Optimal: Comprehensive & Exhaustive

Educating Staff• Ad Hoc: One-Time or No Training• Optimal: On-Going, Formal Training

Enforcing Policies• Ad Hoc: Limited Technical Controls• Optimal: Robust Technical Controls

More Information

• Free Security Scanner Tools» Application Scanner – discover all the apps

being used in your network» Vulnerability Scanner – discover all OS and

application vulnerabilities on your network » Device Scanner – discover all the devices

being used in your network

http://www.lumension.com/Resources/Security-Tools.aspx

• Lumension® Endpoint Management and Security Suite» Demo:

http://www.lumension.com/endpoint-management-security-suite/demo.aspx

» Evaluation: http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx

• Get a Quote (and more)http://www.lumension.com/endpoint-management-security-suite/buy-now.aspx#2

24

Global Headquarters8660 East Hartford Drive

Suite 300

Scottsdale, AZ 85255

1.888.725.7828

info@lumension.com

http://blog.lumension.com