TEL AVIV, Israel, January 17, 2023 – A seminal report conducted by Eureka Security in conjunction with the Venture Advisory Board of YL Ventures serves as a wake-up call for data security leaders and practitioners. Leading global CISOs in companies spanning various sizes and industries were surveyed on their data security practices. Over 20% of those polled classified more than 50% of their data as sensitive and almost 40% reported they experienced a data breach.
As data breaches continue to be one of the leading cyber-attack vectors of the past several years, the insights presented will serve CISOs, security practitioners, business executives and decision-makers to augment their understanding of how critical data is presently managed, controlled and secured within their cloud environments –and more important – how it should be.
“There are real-world financial, reputational and logistical consequences to data breaches,” said Liat Hayun, CEO of Eureka Security. “That 40% of companies have experienced a data breach is an unsettling figure that screams to the urgency of prioritizing data security as a leading and critical concern.”
Ensuring that data can be easily discovered, classified and secured using guardrails and regulations is a crucial cornerstone of a sound data security strategy. Data is increasingly being used by various teams and users within companies, which in turn, makes its attack surface grow rapidly.
While data was once commonly segregated within on-prem infrastructure, its presence and growth in the cloud have greatly increased the risk of breaches and theft. Using only one cloud provider has proven to be limiting for business, so companies are rapidly shifting towards a multi-cloud approach, making things even more challenging for security professionals. All of this makes the survey’s outcomes even more alarming – 22% of survey respondents stated that more than half of their data can be classified as sensitive – but 20% of them do not know where this sensitive data is stored within their company.
The data breaches of 2022 have shown that access is the key target for attackers as they search for a ‘way in.’ “We were pleased to learn that most CISOs do employ tools and methodologies for limiting access – 51% use network policies and 92% use dedicated groups,” said Hayun. “But these surface-level legacy tools are not specific to data security and leave companies at risk of compliance breaches.” Only 30% of CISOs surveyed shared that they use advanced controls to limit and secure access to sensitive data.
Implementation of controls and other critical data security processes including identification and classification (only 20% of CISOs indicated that they have a robust data classification process in place), across numerous teams and users, is another significant challenge for CISOs. Eighty percent of CISOs surveyed shared that more than one team within their company is responsible for enforcing data security controls, and 50% of them indicated that this responsibility is split between three or more teams including security, privacy, compliance, DevOps, engineering, CTO, SRE and others. Without clear ownership and specific expertise, enforcement of data security policies will become even more difficult to oversee or manage.
Accordingly, access management was the top CISO data security pain point (57%) and the top area they plan to invest their resources in over the next three years. Furthermore, 51% of CISOs stated that visibility, monitoring and alert fatigue are also of increasing importance in their strategy, most probably due to the myriad of point solutions and the lack of comprehensive visibility into the company’s security program. Data classification was the third future data security priority that CISOs chose, with 43% of them indicating that current data classification solutions – manual, partial and selective – are insufficient and require a new approach.
The data analyzed and presented in this report should serve security leaders and practitioners, as they strive to make data security a company priority. It is clear from the data that CISOs must contend with gaps, legacy processes and slow discovery times in current data security practices, and these insights can assist them in enhancing their approach to data security and implementing stronger, more streamlined measures to safeguard their companies’ assets against potential breaches.
For more insights, read the full report.
About Eureka Security
Eureka Security is the leader in cloud data security posture management. Enterprises increasingly store sensitive data in clouds such as AWS, Azure, GCP, and Snowflake. Eureka’s Data Security Posture Management (DSPM) solution helps security teams understand where data is, the type of data it is, learn who and what can access it, and keep it continuously secure. Its SaaS platform is easy-to-deploy and can be spun up in minutes for actionability on day one.
About YL Ventures
YL Ventures funds and supports brilliant Israeli tech entrepreneurs from seed to lead. Based in Silicon Valley and Tel Aviv, YL Ventures manages over $800M and specializes in cybersecurity. YL Ventures accelerates the evolution of portfolio companies via strategic advice andUS-based operational execution, leveraging a powerful network of CISOs and global industry leaders. The firm's track record includes investment in Israeli cybersecurity unicorns Axonius and Orca Security, as well as successful high-profile acquisitions by major corporations including Palo Alto Networks, Microsoft, CA and Proofpoint.