MEASURING TRUST IN PRIVACY AND SECURITY
Ponemon Institute
Sign Up for the Ponemon News Feed for special reports and important updates regarding privacy and security

News & Updates


Blog

Welcome to my new blog. I look forward to providing interesting content from our latest research studies. Please stay tuned to some very thought provoking research!

What are the 12 global trends in identity governance and access management?
October 25, 2016, 9:00 am


Ponemon Institute is pleased to present the findings of Global Trends in Identity Governance & Access Management, sponsored by Micro Focus. The purpose of this study is to understand companies’ ability to protect access to sensitive and confidential information and what they believe is necessary to improve the protection. All participants in this study are involved in providing end users access to information resources in their organizations. Some of the trends discussed in the report are:

  1. Employees are frustrated with access rights processes, and IT security is considered a bottleneck.
  2. Responding to requests for access is considered slow.
  3. Control over access management is decentralized.
  4. Certain technologies are considered an important part of meeting identity governance and access management requirements.
  5. A single-factor authentication approach is no longer effective.
  6. Integration of machine learning within identity governance solutions is critical (64 percent of respondents).
  7. The most difficult access policies to implement are those for enforcing access policies in a consistent fashion across all information resources in the organization.
  8. End users have more access than they should.
  9. Migration to Mobile First and mobile platforms has affected access management approaches.
  10. New threats created by disruptive technologies will reduce organizations’ ability to mitigate governance and access management risks.
  11. The ability to manage access in the Internet of Things (IoT) is a concern.
  12. Effective identity governance and access management across the enterprise is achievable.

We hope you will read our latest report on this topic.

Sincerely,

Dr. Larry Ponemon 
 

Ponemon Institute and Cloudera announce a webinar on the state of cybersecurity big data analytics on October 11 at 10 AM PT/1 PM ET.
October 5, 2016, 9:00 am

Ponemon Institute and Cloudera announce a webinar on the state of cybersecurity big data analytics on October 11 at 10 AM PT/1 PM ET.

By Dr. Larry Ponemon


Big Data Cybersecurity Analytics, conducted by Ponemon Institute and sponsored by Cloudera, provides more evidence that the use of big data analytics is very important to ensuring a strong cybersecurity posture. Dr. Larry Ponemon and Rocky DeStefano, Cloudera’s cybersecurity subject matter expert, will participate in a webinar on October 11 to discuss key findings from the research.

Following are key findings from the research.

• Organizations are 2.25X more likely to identify a security incident within hours or minutes when they are a heavy user of big data cybersecurity analytics.

• Eighty-one percent of respondents say demand for big data for cybersecurity analytics has significantly increased over the past 12 months.

• Heavy users of big data analytics have a higher level of confidence in their ability to detect cyber incidents than light users.   With respect to 11 common cyber threats, the biggest gaps between heavy and light users concern the organization’s ability to detect advanced malware/ransomware, compromised devices (e.g., credential theft), zero day attacks and malicious insiders.  The smallest gaps in detection between heavy and light users concern denial of services, web-based attacks and spear phishing/social engineering.

• Companies represented in this research are allocating an average of $14.50 million to IT security in fiscal year 2016 and an average of $2.32 million (16 percent) of this budget is allocated to analytics tools.

We hope you will join us for a unique perspective on the state of big data cybersecurity analytics.

Register here.
 

SMBs are vulnerable to cyber attacks
July 1, 2016, 6:51 pm

We are pleased to announce the release of a study focused on the cybersecurity threat to small and medium-sized companies (SMBs). Based on the findings, we conclude that no business is too small to evade a cyber attack or data breach. In fact, 55 percent of respondents say they experienced a cyber attack in the past 12 months and 50 percent of companies represented in this study had a data breach during the past year.

Throughout the world, MSSPs are improving security posture and fighting cyber threats
June 30, 2016, 12:00 am

We are pleased to announce the release of our first study dedicated to the topic of managed security services providers (MSSPs), sponsored by Raytheon. A key finding of the study is that companies using MSSPs understand the primary benefits of leveraging external expertise. MSSPs are gaining in popularity by providing such services as security information and event management (SIEM), network security management (NSM), endpoint detection and response (EDR), incident response, forensics, proactive threat hunting and more.

Why Companies Need BCM Before They Have a Data Breach
June 15, 2016, 9:00 am

By Dr. Larry Ponemon, Chairman and Founder, Ponemon Institute

We are pleased to announce the release of the 2016 Cost of Data Breach Study: The Impact of Business Continuity Management (BCM), in partnership with IBM.  This year we studied how organizations are using BCM in 12 different countries, 383 companies across 16 industries.

According to the research, BCM programs can reduce the per capita cost of data breach, the mean time to identify and contain a data breach and the likelihood of experiencing such an incident over the next two years. 

 

Nearly 90 Percent of Healthcare Organizations Suffer Data Breaches, New Ponemon Study Shows
May 12, 2016, 9:10 am

Nearly 90 Percent of Healthcare Organizations Suffer Data Breaches, New Ponemon Study Shows

New Ponemon Study on Malware Detection & Prevention Released
March 18, 2016, 10:00 am


The State of Malware Detection & Prevention sponsored by Cyphort reveals the difficulty of preventing and detecting malware and advanced threats. The IT function also seems to lack the information and intelligence necessary to update senior executives on cybersecurity risks. 

http://go.cyphort.com/Ponemon-Report-Page.html

Healthcare organizations are in the cross hairs of cyber attackers
February 29, 2016, 12:00 am

The State of Cybersecurity in Healthcare Organizations in 2016, sponsored by ESET, found that on average, healthcare organizations represented in this study have experienced almost one cyber attack per month over the past 12 months. Almost half (48 percent) of respondents say their organizations have experienced an incident involving the loss or exposure of patient information during this same period, but 26 percent of respondents are unsure. 

The Second Annual Study on Exchanging Cyber Threat Intelligence: There Has to Be a Better Way
November 4, 2015, 12:00 am

We are pleased to let you know about our latest study on intelligence sharing. The Second Annual Study on Exchanging Cyber Threat Intelligence: There Has to Be a Better Way reveals interesting trends in how organizations are participating in initiatives or programs for exchanging threat intelligence with peers, industry groups, IT vendors and government. According to the 692 IT and IT security practitioners surveyed, there is more recognition that the exchange of threat intelligence can improve an organization’s security posture and situational awareness. However, concerns about trust in the sources of intelligence and timeliness of the information continue to be a deterrent to participation in such initiatives.

Forty-seven percent of respondents say their organization had a material security breach that involved an attack that compromised the networks or enterprise systems. This attack could have been external (i.e. hacker), internal (i.e. malicious insider) or both. Most respondents (65 percent) say threat intelligence could have prevented or minimized the consequences of the attack.

Following are key research takeaways:

Threat intelligence is essential for a strong security posture. Seventy-five percent of respondents, who are familiar and involved in their company’s cyber threat intelligence activities or process, believe gathering and using threat intelligence is essential to a strong security posture.

Potential liability and lack of trust in sources of intelligence, keep some organizations from participating. Organizations that only partially participate cite potential liability of sharing (62 percent of respondents) and lack of trust in the sources of intelligence (60 percent of respondents). However, more respondents believe there is a benefit to exchanging threat intelligence.

Organizations rely upon peers and security vendors for threat intelligence. Sixty-five percent of respondents say they engage in informal peer-to-peer exchange of information or through a vendor threat exchange service (45 percent of respondents). IT vendors and peers are also considered to provide the most actionable information. Law enforcement or government officials are not often used as a source for threat intelligence.

Threat intelligence needs to be timely and easy to prioritize. Sixty-six percent of respondents who are only somewhat or not satisfied with current approaches say it is because the information is not timely and 46 percent complain the information is not categorized according to threat type or attacker.

Organizations are moving to a centralized program controlled by a dedicated team.  A huge barrier to effective collaboration in the exchange of threat intelligence is the existence of silos. Centralizing control over the exchange of threat intelligence is becoming more prevalent and might address the silo problem.

We hope you will download the full report.

Warmest regards,

 Dr. Larry Ponemon

Advanced Threat Detection with Machine-Generated Intelligence
October 28, 2015, 10:00 am

Companies are losing traction in the fight to identify and prevent advanced persistent threats (APTs) mainly because threat intelligence is often inaccurate or incomplete. The IT security practitioners in our latest study, Advanced Threat Detection with Machine-Generated Intelligence, believe better intelligence could have stopped an average of five security breaches their company had in the past two years. The good news is machine-generated intelligence provided by near-real-time technologies can improve threat detection and the ability to determine baseline or “normal behavior” in order to detect abnormal behavior.  According to participants in our research, machine-generated intelligence solutions will make threat intelligence more actionable and useful.  We hope you will read our latest study sponsored by Prelert, Advanced Threat Detection with Machine-Generated Intelligence, which looks at the state of advanced threat detection in companies, technologies deployed to detect advanced threats and the value of machine-generated intelligence.

Warmest regards,

Dr. Larry Ponemon
 

Records 1 - 10 of 77 — Jump to page First 1 2 3 4 5 6 7 8 Last
Categories
Security (23)
Privacy (22)
global security (1)
Providers (1)