While cyber security compliance does not translate to a risk free, air tight, ultra-secure environment, it is a starting point. In a CIO poll, conducted last year, of more than 1,100 security executives around the world, 91% of respondents consider their organization to be vulnerable to internal or external data threats. 64% of respondents express the view that cyber security compliance is a “very” or “extremely” effective strategy in staving off data breaches.
“In reality the adversary is really after that data, and we’re putting the controls to protect that data itself really down at the bottom of the list,” says Vormetric CSO Sol Cates. “Data is data — it’s ones and zeroes, it doesn’t have any built-in defense.”
Too often, security operations lack sufficient rigor and consistency and key people are unaware of their organization’s vulnerabilities. Organizations might employ a range of ad hoc processes and capabilities that offer varying levels of effectiveness. In addition, many fail to practice good enterprise-wide “security hygiene” – including basics such as access control, two factor authentication, rigorous vulnerability management and password policy compliance.
Cyber security compliance growth
One cyber security compliance vendor is seeing huge growth in the Indian market. Skybox Security recently announced a 154% increase in YoY revenue from their Indian business in 2016. India has become a prime target for cyber criminals of late, focusing both on infrastructure and financial targets.
“A $460 million market and one of the largest and fastest-growing economies in the world demands dedicated attention,” said Avi Corfas, Skybox VP of Asia-Pacific and Latin America. “Internet penetration and adoption of ‘leap frog’ technologies like WLAN, mobile devices and virtualized networks are driving growth because they bring with them a dramatically different threat landscape and security management challenges. These challenges make security analytics and comprehensive network visibility vital to safeguarding the organization.”
“Compliance may be the number one operational challenge for Indian businesses – most businesses, for that matter,” said Sridhar Namachivayan, Skybox regional director of India and SAARC. “Without network automation to streamline workflows, data collection and analysis, tracking and reporting, security teams simply can’t keep up with compliance requirements. On top of that workload, they must also be concerned with the needs of the business and the day-to-day protection of their organization.” Namachivayan offers advice to companies struggling to overcome these challenges.
This article first appeared on CyberSecBuzz