Level 75
Despite the potential costs, legal consequences and other negative outcomesof data breaches, they continue to happen. A new SANS Institute survey looks at the preventive aspect of breaches – and what security and IT practitioners actually are, or are not, implementing for prevention.

The survey looked at how practitioners might overcome barriers to implementing effective prevention, including developing clear requirements and defining specific preventive measures, such as the role of automation, threat intelligence and others.

The findings illustrates an apparent disconnect between what is considered preventive by the majority of respondents and the measures that have been implemented for prevention:

  • 85 percent of respondents consider blocking known malware as a preventive measure, yet less than half (40 percent) have implemented these methods
  • 63 percent consider robust testing is preventive, while only 39 percent have implemented robust testing
  • Nearly 60 percent consider metrics-based evaluation and reporting preventive but only 40 percent are using evaluation and reporting.
“Many data breaches can be avoided or the impact mitigated, but preventing them continues to be a challenge in the real world. The survey illustrates the disconnect between what respondents consider preventive controls versus what they have implemented as preventive measures,” said Barbara Filkins, senior analyst at the SANS Institute.

Full Article. The evolution of data breach prevention practices - Help Net Security
Last edited: