As economic uncertainty continues and the threat landscape becomes increasingly complex, businesses are strengthening their security posture while navigating increasingly stringent regulatory requirements.
The 2024 Thales Global Data Threat Report, conducted by S&P Global Market Intelligence, surveyed nearly 3,000 respondents across 18 countries and 37 industries and found It has become clear how we are dealing with these threats. This report explores their experiences, hurdles, approaches, and achievements, providing insight into the security impact of new technologies and the organizational adaptations needed for future success.
Compliance and residency are key
The study reveals that despite risk being volatile and cyber regulations constantly changing, almost half (43%) of businesses have not passed a compliance audit in the past year. Ta. Of the companies that failed their audits, 31% of them experienced violations during the same period, compared to just 3% of compliant companies. This highlights the important link between compliance and data security.
Managing operational complexity also remains a challenge, leading to data-related issues. A significant number of organizations struggle to identify and classify systems, applications, and data at risk, with only a third (33%) achieving complete classification. ) only. Surprisingly, 16% admitted that they barely categorize their data.
The proliferation of multi-cloud usage across services and the evolution of global data privacy regulations highlight the importance of data sovereignty for enterprises. According to the report, 28% of respondents consider mandating external key management as a primary way to achieve sovereignty.
trust issues
The report also found that most customers (89%) are willing to share data with their organization, but this willingness comes with certain non-negotiable conditions. Nearly nine in 10 (87%) expect some degree of privacy rights from the companies they do business with online. In addition to these high consumer privacy expectations, respondents emphasized that many customers have access to an organization's internal systems and assets. They showed that up to 16% of users who access a company's cloud, network, and device resources may be customers.
Similarly, access by external vendors and contractors accounted for an average of 15% and 12% of users, respectively. Given the combination of increased consumer privacy expectations and widespread external user access, customer identity and access management (CIAM) has emerged as one of the key emerging security concerns.
However, while improvements to CIAM, such as eliminating passkeys and passwords, improve the user experience, they also introduce new challenges, such as deepfake attacks with generative AI, and simplifying this complexity makes it difficult for adversaries to This is critical to reducing the number of opportunities for communication and improving usability and engagement.
Emerging technologies: threats and opportunities
This report also takes a deep dive into the emerging technologies that security professionals are watching closely. More than half (57%) cite artificial intelligence (AI) as a major concern, followed by IoT at 55%. Post-quantum cryptography was next at 45%.
That said, these technologies also promise many benefits. Approximately 22% of respondents said they plan to integrate generative artificial intelligence (GenAI) into their security solutions and services within the next year, with a further one-third (33%) I answered that I am planning to experiment with this.
Ubiquitous connectivity, pervasive threats
In the age of ubiquitous connectivity, IoT and 5G also pose pervasive threats. Operational technology (OT) adoption has been criticized for its lack of focus on security, but this year's survey found that 75% of IT security teams prioritize their OT as a defense against IoT threats. It became clear.
OT devices such as power meters and “smart” sensors in various distributed physical plants are often designed to minimize monitoring and reduce operational costs, exacerbating security risks . This means that proactive security measures are essential. Despite increasing connectivity options, traditional methods such as physical or network separation (“air gaps”) are less preferred for securing IoT/OT environments.
Reflecting Zero Trust principles, respondents were reluctant to rely solely on carrier security, with only 33% expressing concern about carrier network security in the context of 5G. However, IoT and OT devices still face security challenges.
Establishment of centrally defined principles
As companies expand, so too will their use and integration of these technologies. Therefore, establishing centrally defined security principles increases the likelihood of successful delegation and implementation, primarily when rooted in fundamental concepts of guidance and consensus.
Just as the rule of law thrives in a society where individuals and organizations understand their rights and obligations, a company's data security risks will be affected by the voluntary upholding of these principles by other stakeholders. It can be alleviated by empowering and delegating compliance.
Download Thales' full 2024 Thales Data Threat Report now.