“Enterprises are now running business critical applications and services in the cloud, and this report highlights the need for changes in the way enterprises secure their data and applications,” said Jeff Harris, vice president, portfolio marketing, Keysight Technologies. “Operating in the Cloud changes security requirements. Enterprises need a strong security regimen that includes continuous testing as well as visibility down to the packet level to identify and control malicious behaviour before it impacts their business.”
The survey revealed that securing data and applications is a top public Cloud priority in 2018. The dominance of Cloud has impacted security teams as well, as they strive to deliver effective security in a hybrid, dynamically changing, on-demand environment.
According to the report, the gap between cloud operations and security operations is growing. A Threat Stack study found nearly 73% of public Cloud instances had one or more serious security misconfigurations. The combination of Cloud growth and a high number of security misconfigurations suggests there will be more breaches in 2018 where Cloud is a factor.
As enterprises continue to struggle with preventing breaches, a mind-shift is required to detect breaches once they occur, especially when an average of 191 days passes between intrusion to detection according to a recent Ponemon study.
Where 2017 was the year of ransomware, 2018 is primed to be the year of crypto jacking. AdGuard researchers report that over 500 million PCs are being used for crypto-mining without the owners’ knowledge. Mining crypto-currencies provides hackers with a high-profit return that is far stealthier than a ransom attack.
In 2017, over half of all web traffic was encrypted. Hackers have been found to be exploiting this trend, hiding malicious traffic in encrypted streams, which makes detection via traditional means impossible. The advent of TLS 1.3 using ephemeral key encryption requires changes in the approach to encryption.
To download a complimentary copy of the 2018 Security Report from Ixia, a Keysight Business, click here.