CISO Periodic Table
Click on each element to learn more
Share This:
Optimization
Oz
Technology
Te
Staffing
St
Budget
Bu
Role and
Accountability
Ra
Organized
Crime
Oc
Nation
State
Nt
Hacktivist
Ha
Negligent
Insiders
Ni
Malicious
Insiders
Mi
Artificial
Intelligence
Ai
Artificial
Intelligence
Ai
Blockchain
Bc
Blockchain
Bc
Internet of
Things
IoT
Internet of
Things
IoT
Machine
Learning
Ml
Machine
Learning
Ml
Big Data
Bd
Big Data
Bd
Fusion
Center
Fc
Fusion Center
Fc
Threat
Hunting
Th
Threat
Hunting
Th
Orchestration
& Automation
Oa
Orchestration
& Automation
Oa
Detection &
Response
Dr
Detection &
Response
Dr
Cloud
Security
Cs
Cloud
Security
Cs
Third-Party
Risk Mgmt
Trm
Third-Party
Risk Mgmt
Trm
DevSecOps
Dso
DevSecOps
Dso
Zero
Trust
Zt
Zero
Trust
Zt
Cyber Threat
Intelligence
Cti
Cyber Threat
Intelligence
Cti
Incident
Response
Ir
Incident
Response
Ir
Security Info
& Event Mgmt
Si
Security Info
& Event Mgmt
Si
Penetration
Testing
Pt
Penetration
Testing
Pt
Security Operations Ctr.
Soc
Security Operations Ctr.
Soc
Data
Protection
Dp
Data
Protection
Dp
Application
Security
As
Application
Security
As
Threat
Management
Tm
Threat
Management
Tm
Web
Security
Ws
Web
Security
Ws
Email
Management
Em
Email
Management
Em
Vulnerability
Management
Vm
Vulnerability
Management
Vm
Endpoint
Security
Es
Endpoint
Security
Es
Network
Security
Ns
Network
Security
Ns
Identity &
Access Mgmt
Iam
Identity &
Access Mgmt
Iam
Configuration
Management
Cfg
Configuration
Management
Cfg
Patch
Management
Pm
Patch
Management
Pm
Change
Management
Cm
Change
Management
Cm
Asset
Management
Am
Asset
Management
Am
Business
Alignment
Ba
Business
Alignment
Ba
Privacy
Pr
Privacy
Pr
Compliance
Co
Compliance
Co
Risk
Management
Rm
Risk
Management
Rm
Governance
Go
Governance
Go
Digital
Transformation
Dx
Digital
Transformation
Dx
CISO Constraints
Threat Actors
Emerging Technology
Advanced Security Programs
Security Program Fundamentals
IT Fundamentals
Business Fundamentals
* SANS 2020 IT Cybersecurity Spending Survey.
* Cisco 2018 Annual Cybersecurity Report.
* ISC2 Cybersecurity Workforce Study 2019
* SANS 2020 IT Cybersecurity Spending Survey
60% of companies in US with revenue greater than $5 billion have a CISO.
* Ponemon 2020 Cost of Insider Threat Report.
* Ponemon 2020 Cost of Insider Threat Report.
* Optiv analysis of Gartner IoT Forecast statistics as of January 2021.
1)
2)
3)
4)
1) Advanced analytics
2) Orchestration and automation
3) Threat intelligence
4) Detection and response
5) Threat hunting
* SANS 2020 Threat Hunting Survey
* Ponemon 2020 Cost of a Data Breach Report.
* ESG The Impact of XDR in the Modern SOC (November 2020).
* Gartner How to Respond to the 2020 Threat Landscape; Published 17 June 2020
* Gartner press release from August 2019 summarizing their 2019 Third Party Risk Management survey.
Zero
Trust
* 2020 SANS Cyber Threat Intelligence Survey
VIEW
**Sumo Logic 2020 State of SecOps and Automation Survey.
* Observations from aggregated Penetration Tests performed by Optiv, 2018.
* Ponemon SOC Performance Report June 2020
* Forrester TechRadar Application Security, 2017.
Get the "Application Security" guide to learn more
Learn more
* Proofpoint State of the Phish Report 2021
** Gartner Four Rules for a Compelling IAM Business Case; Published 9 November 2020.
* Ponemon The State of Vulnerability Management (August 2020)
By 2023, 30% of CISOs' effectiveness will be directly measured on the role's ability to create value for the business.*
*Gartner Security Fundamentals — The Services and Processes You Must Get Right, 14 January 2020.
30%
* Gartner Hype Cycle for Privacy, 2020, Published 23 July 2020
* Source: American Institute of Certified Public Accountants (AICPA) 2020 State Risk Oversight.
85-90% of larger organizations and public companies formally report top risk exposures to the board of directors at least annually. However, only 35% are "mostly" or "very" satisfied with the nature and extent of reporting of key risk indicators.*
* The 2019–2020 NACD Public Company Governance Survey.
**Press Release: 2021 Worldwide Digital Transformation Predictions (published 10/29/2020).
* The 2019–2020 NACD Public Company Governance Survey
IDC forecasts DX spending will hit $6.8 TRILLION in 2023 and grow at a compound rate of 15.5% per year from 2020 and 2023, with 65% of the global GDP being digitized by 2022.**
15.5%
Learn More About
Digital Transformation
*Verizon 2021 Data Breach Investigations Report.
**Veracode 2020 State of Software Security Report.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Implementing security best practices mentioned by 61% of respondents
Compliance/regulations or mandates at 59%
* ESG 2020 Asset Management Trends: As IT Complexity Increases, Visibility Plummets; published May 2020
* Gartner Control Network Security Complexity, Inefficiencies and Security Failures by Minimizing Firewall Diversity; Published 27 March 2020
*Ponemon State of Endpoint Security Risk; Published January 2020
* Ponemon The State of Vulnerability Management (August 2020)
*CyberEdge 2021 Cyber Threat Defense Report
* NACD Public Company Governance Survey 2019-2020.
* Gartner 2021 Strategic Roadmap for SASE Convergence; Published 25 March 2021
For organizations looking to advance their SOC effectiveness, Optiv can assist by serving as your outsourcing partner and delivering fully customized capabilities across many key areas including, but not limited to:
* Ponemon Cyber Resilient Enterprise (June 2020).
*Cybersecurity Insiders 2020 SIEM Report
CISO PERIODIC TABLE
Explore the elements that make up the cybersecurity landscape, from today's fundamentals to tomorrow's technology.
Visit the desktop version of the CISO Periodic Table to view the full experience.
Business Fundamentals
Digital
Transformation
Dx
Go
Governance
Risk
Management
Rm
These core frameworks will help ensure that your business objectives are aligned with your cybersecurity objectives.
Compliance
Co
Privacy
Pr
Business
Alignment
Ba
Digital Transformation
Almost every organization recognizes the importance of digital transformation (DX) to boost industry competitiveness, expand revenue, improve customer experience, increase business agility, and/or enhance operational efficiency. However, DX initiatives frequently outpace the ability of the IT organization to provide effective security. Increased use of cloud computing, IoT, and CI/CD software development processes are just a couple examples of DX activities that have the potential to significantly escalate cyber risk.
Governance
Cybersecurity remains a top three area where corporate boards of directors are looking to improve the effectiveness of their oversight, just slightly trailing two other foundational oversight categories of strategy execution and strategy development.*
Only 64% of directors say the board’s understanding of cyber risk is strong enough to provide effective oversight.*
Risk Management
Only 24% of companies describe their risk management processes as "mature" or "robust." Larger sized organizations, public companies and financial services companies are at the higher end of the maturity spectrum, but only 35-40% of these groups characterize their risk management process as "mature" or "robust."
Compliance
Regulations are constantly evolving as evidenced by the recent initiation of new data privacy regulations such as GDPR in 2018 and the California Consumer Privacy Act (CCPA) in early 2020. Due to the risk of financial penalties and adverse impacts to the business, compliance mandates are listed among the top factors that drive cyber security programs.
Privacy
Onerous new data privacy regulations are taking shape across the globe, building on momentum created by the enactment of the General Data Protection Regulation (GDPR) in the EU in 2018. The first sweeping data privacy law in the US was enacted on January 1, 2020 in the form of the California Consumer Privacy Act (CCPA). These laws are only the beginning of a global trend which will dramatically increase the requirements for cybersecurity programs in the future.
Business Alignment
The digital ambitions of most organizations dramatically expand their cyber attack surface by pushing IT infrastructure into the cloud, connecting IoT and accelerating software development cycles. Security leaders must become more aware of business objectives and strive to demonstrate how cyber programs enable business success.
*The 2019–2020 NACD Public Company Governance Survey.
IT Fundamentals
Digital
Transformation
Dx
Change
Management
Cm
Configuration
Management
Cfg
Identity & Access
Management
Iam
Patch
Management
Pm
These elements will help you eliminate duplicative technologies and put the right security controls in place.
Asset Management
Asset management is critical to an effective cybersecurity strategy. You cannot properly secure what you do not know exists. In addition, by continuously tracking and optimizing the IT asset footprint, other functions such as patch management become far more streamlined. One prominent vendor of network asset discovery and management solutions says organizations are blind to 25-50% of the devices on their networks.
Change Management
To more effectively compete in the digital economy, companies are pushing more change into IT production environments at a faster pace which strains change management practices.
Formalized change management programs can slow progress, but must be engrained in the evolving corporate culture. Good processes are built with verification and validation steps to catch exceptions and mistakes.
Patch Management
Effective patch management is a critical component to any security program. While there are varying valid reasons for why it may not be feasible – or a high priority – to implement some patches, it is hard to accept that many high-impact breaches stem from vulnerabilities for which patches do exist.
Configuration Management
Configuration management proactively and continuously monitors and hardens the security configurations of an organization’s operating systems, applications and network devices. A formalized configuration management program is important to demonstrate compliance with various regulations including PCI DSS and HIPAA.
Identity and Access Management
Many breaches are the result of deficiencies in IAM programs. By 2023, 75% of security failures will result from inadequate management of identities, access, and privileges, up from 50% in 2020.*
Through 2021, IAM programs with complete and well-articulated business cases will secure more than 200% more investment than programs that do not.**
Digital
Transformation
Dx
Network
Security
Ns
Email
Security
Em
Web
Security
Ws
Vulnerability
Management
Vm
Endpoint
Security
Es
Penetration Testing
There are only two ways to know if an organization’s people, processes, and technologies are truly effective against an attacker: either get attacked by a good guy or get attacked by a bad guy. Utilizing offensive penetration testing teams (the good guys) brings the enemy’s perspective into consideration, helping organizations to focus their security strategy and execution on impactful remediations and improvements.
Up to 75% of the vulnerabilities typically exploited by the Optiv penetration testing team are not identified by a vulnerability scanner.
Application Security
Web applications are now a hacker-favorite attack vector, responsible over 80% of hacking-related breaches.*
The majority of breaches continue to originate from financially driven actors. Roughly 61% of the time, assets are infiltrated with stolen credentials.*
As it stands, roughly 76% of all applications contain at least one vulnerability when they are first scanned, and 24% contain at least one high severity flaw.**
*Verizon 2021 Data Breach Investigations Report.
**Veracode 2020 State of Software Security Report.
Cloud Security
Public cloud services have become the foundation of the digital business’s agility and innovation. As companies rush to the cloud, however, input from the security team is not relied upon as frequently as perhaps it should be. As organizations increasingly shift their workloads into the public cloud, best practices suggest that security teams should be involved early in the strategy process to minimize risk.
Through 2023, at least 99% of cloud security failures will be the customer’s fault.*
Threat Management
Effective threat management is about understanding your attack surface and gaps and what assets are most appealing to threat actors. Being ready and able to respond is best accomplished by continually assessing your security controls and processes, as well as testing and training people.
Proactive threat hunting is also critically important. New security technologies and policies must be integrated and strategic, not just deployed tactically.
Optiv can provide significant guidance in the development and maturation of your threat management program.
Security Information and
Event Management
Security information and event management (SIEM) is a foundational tool that provides better visibility into threats, acceclerates detection and response, and boosts the efficiency of security operations.
29% of SIEM users say it helped them reduce breaches significantly and another 45% said it helped them reduce breaches somewhat.*
Security Operations Center
Roughly 60% of organizations currently have a SOC and another 15-20% plan to develop a SOC in the future. In addition, around 60% of organizations with a SOC access additional capability by outsourcing at least some functions to an MSSP or MDR provider.*
SOCs face many challenges today due to growing attack surfaces, increasingly sophisticated cyber threats, an overwhelming flow of alerts to manage from security tools, and the daunting task of attracting and retaining talent. Against these odds, it is not surprising that only 50% of organizations rank their SOC effectiveness at a 7 or higher on a scale of 1 to 10.*
Digital
Transformation
Dx
Application
Security
As
Threat
Management
Tm
Security Info
& Event Management
Si
Security
Operations Center
Soc
Cloud
Security
Cs
Data Protection
Among the multitude of security assessments Optiv conducts for clients annually, data protection stands out as one of the lowest maturity disciplines in most organizations. Penalties for poor data protection practices are set to escalate due to new regulations such as GDPR. Optiv expects continued strong corporate investment in data security infrastructure including data access governance, encryption and DLP.
Data protection was called out as the most effective technology to reduce cyber risks among more than twenty security technology categories in a recent survey of security executives by Optiv/ESI ThoughtLab. Not surprisingly, data protection was also identified as the area of largest current investment focus.
Network Security
Network security is likely one of the largest line items in the security technology budget. In an era of digital transformation, the old paradigm of the protected network perimeter has become less relevant. Network security concepts are being forced to morph with the advent of virtual/cloud IT environments and distributed IoT devices.
Through 2025, policy misconfigurations, not firewall flaws, will remain the cause of 99% of firewall breaches and bypasses.*
*Gartner Control Network Security Complexity, Inefficiencies and Security Failures by Minimizing Firewall Diversity; Published 27 March 2020
Endpoint Security
Due to the growing sophistication of attacks, endpoint security was forced to evolve beyond signature-based blocking. Therefore, next-gen antivirus incorporates new prevention techniques that do not rely on signatures. According to one survey, organizations think their current antivirus solution blocks only 40% of attacks, and 68% of organizations have been breached at least once over the past 12 months due to an endpoint attack.*
Endpoint detection and response (EDR) is a complex technology that is most applicable for mature security organizations, but can also be effectively leveraged through relationships with outside managed detection and response (MDR) providers.
Email Security
Email should be a focal point for security executives for several reasons. First, it continues to be one of the most effective attack vectors for cybercriminals, delivering 96% of all phishing lures. Second, an organization-wide breach can be sparked with a single click. Business Email Compromises (BECs) emerged as a top social engineering tactic with reports of misrepresentation 15x higher than the year before. Finally, 85% of breaches in 2020 were human-caused. All of these factors are well covered by the 2021 Verizon Data Breach Investigations Report.
74% of U.S. organizations were impacted by a successful phishing attack.*
Web Security
Secure web gateways represent a fairly mature market, but they provide value for advanced URL filtering and threat defense. Traditional web security capability is becoming increasingly sourced from cloud-based offerings rather than on-prem appliances.
Taking that trend a step further, many technology vendors are increasingly consolidating web security, CASB, DLP, lighter-weight firewall, and other security components and delivering them as an integrated cloud service.
Vulnerability Management
An effective vulnerability management program includes continuous scanning, prioritized remediation, completion tracking, root-cause analysis and detailed reporting.
Among organizations in a recent survey that were impacted by a data breach, 42% said the breach occurred because there was a patch available for a known vulnerability – but it was not applied.*
57% or organizations do not know which vulnerabilities pose the highest risk to their business, which makes it hard to prioritize activities.*
Only 27% of organizations have visibility into the vulnerability management lifecycle, making it difficult to ascertain how well their organizations are prioritizing, remediating and patching vulnerabilities.*
Security Program Fundamentals
Business Fundamentals
IT Fundamentals
Tap to Learn More About...
Security Program Fundamentals
Advanced Security
Programs
Emerging Technologies
CISO Constraints
Threat Actors
Incident
Response
Ir
Cyber Threat Intelligence
Cti
With so many security technologies and constantly changing threat landscapes, it is important to understand where to focus valuable time and limited budget.
Data
Protection
Dp
Artificial
Intelligence
Ai
Big Data
Bd
Internet
of Things
IoT
Blockchain
Bc
Secure Access Service Edge
Secure Access Service Edge (SASE) is a term coined by Gartner in 2019. While still embryonic, SASE can dramatically simplify WAN access and security for remote worker and distributed branch office use cases. In the SASE model, intelligence to deliver WAN access and security are consolidated into a cloud delivered offering. This dramatically reduces the burden at the branch level to manage on-prem infrastructure, while at the same time harnessing the agility of the cloud to seamlessly support growth in users or functionality.
Artificial Intelligence
Artificial intelligence (AI) involves machines that can perform tasks that are characteristic of human intelligence. AI is still in its infancy but represents an advancement beyond machine learning. Security practitioners have signficant optimism about the potential positive impact of AI for cyber defense. However, cyber adversaries will also harness the power of AI to launch increasingly sophisticated and dynamically adapting attacks.
Big Data
As organizations’ use of big data continues to grow, extracting value from it while also keeping it secure has become a greater challenge. Optiv helps clients architect and secure big data infrastructures by simplifying architectures to normalize and effectively analyze data to drive business benefit.
These solutions can be used for cyber defense to fully harness the power of installed security technology that is often siloed in nature and creates an overwhelming amount of threat telemetry that is difficult to capture and analyze.
Internet of Things
The proliferation of Internet of Things (IoT) promises to greatly enhance user experience for consumer-focused implementations and boost operational efficiencies and effectiveness within enterprise applications. However, the resulting increase in the number of smart endpoints connected to corporate networks also creates significantly more entry points for cyber adversaries.
Gartner projects there were nearly 6 billion IoT devices used in enterprise and automotive (non-consumer) applications in 2020, and that number will double by 2025.*
Blockchain
Blockchain is a method to record transactions that provides high security by design: transactions are verified with advanced cryptography and spread across many computers in a peer-to-peer network (distributed ledger). Blockchain implementations are still nascent and this immaturity makes it challenging to predict the ultimate impact the technology will have.
Emerging Technology
These intiatives will ensure that your
business objectives are aligned with
your cybersecurity objectives.
CISO Constraints
Asset Management
Am
Budget
Bu
Technology
Te
Optimization
Oz
Staffing
St
From managing vendors to internal staff, these are the challenges CISO face and strategies to overcome them.
Role and Accountability
By protecting criticial systems from downtime and safeguarding customer privacy, security leaders are quickly becoming critical partners for digital transformation success.
That said, CISOs have their work cut out for them in terms of continuing to educate business executives and the board of directors about the challenges and accomplishments of their role.
Budget
Lack of budget continues to rank among the top inhibitors to building an effective security program.
*The 2019–2020 NACD Public Company Governance Survey.
Staffing
Lack of skilled personnel is consistently mentioned by organizations as one of the top inhibitors to building effective cybersecurity programs.
Organizations can create substantial competitive advantage based on their ability to attract, train and retain cyber talent. Another alternative is to leverage outside experts through consulting or outsourcing partnerships.
Technology
Optiv routinely sees client environments that utilize 50 or more discreet security technologies. There is certainly no shortage of well-funded cyber security technology companies out there all positioning their vision as the best solution in the market. This presents a major challenge for security practitioners and one where a trusted partner like Optiv is ideally positioned to help provide perspective and guidance.
Optimization
Due to an overwhelming number of disparate tools in their environment, many organizations are hitting the tipping point where tech sprawl has actually become counter-productive.
Security teams are spending so much time simply managing the tech stack and drowning in all the associated alerts that it detracts from security effectiveness.
Secure Access Service Edge
Sa
Negligent
Insiders
Ni
Organized
Crime
Oc
Nation
State
Nt
Hacktivist
Ha
Malicious Insiders
Internal actors play a role in 22% of breaches according to Verizon DBIR analysis from 2021.
40% of insider incidents are driven by malicious intent, with the rest resulting from negligence.*
*Ponemon 2020 Cost of Insider Threat Report.
Organized Crime
Hackers and criminal groups play a role in 50-60% of breaches according to the Verizon DBIR analysis over the past several years.
Nation State
Nation state actors play a role in 10-20% of breaches according to Verizon DBIR analysis over the past several years. Not surprisingly, a common target for this group is the information infrastructure of foreign government entities with cyber espionage often as a prime objective.
Hacktivist
A small minority of breaches are related to hacktivist activity where the motivation is not related to either financial gain or espionage. Hactivist breach attribution has generally trended down over the past couple years.
Threat Actors
In order to gain enemy perspective, enterprises need to view their digital footprint with malicious intent.
Data
Protection
Dp
DevSecOps
Dso
Third-Party Risk
Management
Trm
Machine
Learning
Ml
Detection &
Response
Dr
Orchestration
& Automation
Oa
Penetration
Testing
Pt
Fusion Center
Fc
Zero Trust
Traditional security perimeters are dissolving as organizations accelerate digital transformation initiatives and extend their IT estates outside of the corporate data center and into the public cloud and IoT. Zero Trust (ZT) is not a new technology, but rather a pragmatic framework for how to integrate multiple security controls. ZT relies heavily on IAM and emphasizes a couple important principles:
Never trust, always verify. Continuously authenticate and authorize identities at multiple points across the IT estate. Just because an identity was admitted at one point of entry does not mean it can be “trusted” to access all other resources on the network.
Enforce least privilege. Ensure identities can access only those resources which are required to complete their job function and nothing more.
DevSecOps
DevSecOps is a software development best practice that embraces the inherent agility benefits of DevOps, but recognizes that security testing and validation needs to be infused early in the process.
By 2022, 90% of software development projects will claim to be following DevSecOps practices, up from 40% in 2019.*
* Gartner Integrating Security Into the DevSecOps Toolchain, 15 November 2019
Third-Party Risk Management
To more rapidly access required capabilities or enhance business agility, organizations are increasingly relying on partnerships with third-party entities. These third-party relationships often involve important IT connectivity and potentially the sharing of sensitive information. Unless properly managed, this partner ecosystem can represent a significant cyber security risk as attackers can look to exploit the weakest links in order to gain access to their primary target. In this dynamic environment, a set-it-and-forget-it approach to third-party risk management is inadequate and needs to be fortified with continuous review and analysis. According to a survey by Gartner, 83% of organizations identified that risks had emerged in their third-party ecosystem following initial due diligence prior to periodic recertification, and 31% of those risks had a material impact on the business.
Machine Learning
Machine learning (ML) analyzes and synthesizes an avalanche of information that humans alone could not match. It is the practice of using algorithms to parse data, learn from it, and then make a determination or prediction about something in the world.
Ultimately, ML could represent another attack vector for cyber adversaries as they look to hack into and corrupt ML processing models to degrade their capabilities for cyber defense.
Detection and Response
Due to a realization that preventative security controls are not foolproof, security budgets are shifting to also emphasize detection and response. Popular new tools to empower this effort incorporate data capture at the endpoint (endpoint detection and response, or EDR) and in the network. Increasingly, telemetry beyond the endpoint and network is being aggregated into an XDR (extended detection and response) platform.
35% of organizations suggest they already use a managed detection and response (MDR) provider with another 38% actively working on a project to adopt MDR services.*
Orchestration and Automation
Security organizations are struggling due to a shortage of talent, an abundance of tools to manage and alert overload. SOAR (Security Orchestration, Automation, and Response) platforms provide relief by aggregating security intelligence and context from disparate systems and applying machine intelligence to streamline (or even automate) the incident detection and response process.
Security automation is "fully deployed" at only 21% of organizations and "partially deployed" at another 38% of organizations. This leaves 41% of organizations that have not yet embraced this technology.*
Organizations with fully deployed security automation are able to cut their average cost of a breach by more than 50% compared to those that have not deployed it.*
Advanced Security Programs
These advanced security elements provide the knowledge and tools you need to advance your program’s maturity.
Share This:
* Source: American Institute of Certified Public Accountants (AICPA) 2020 State Risk Oversight.
Incident Response
For many organizations, a serious security incident is a matter of "when" and not "if."
This reality makes developing and practicing a response plan a critical objective for any CISO. Unfortunately, only 26% of companies have a cybersecurity incident response plan that is applied consistently across the enterprise, and 23% of companies have no plan at all.*
Cyber Threat Intelligence
Cyber threat intelligence (CTI) is critical to gain perspective on adversarial tactics, techniques and procedures. CTI helps security teams be more proactive in threat prevention and more effective in threat detection and response. CTI is also a key input for proactive threat hunting.
*Ponemon State of Endpoint Security Risk; Published January 2020
*Proofpoint State of the Phish Report 2021
* Cybersecurity Insiders SIEM Survey 2020.
* Ponemon SOC Performance Report June 2020
* Ponemon Cyber Resilient Enterprise (June 2020).
Threat Hunting
Threat hunting is a proactive, ongoing effort to identify and eradicate adversaries that already pierced security controls and are dwelling in an organization's network. Effective threat hunting leverages threat intelligence, telemetry from security tools, and relies extensively on the ingenuity of the threat analyst to uncover hidden threats.
Threat hunting is a valuable endeavor. According to one survey, 37% of organizations utilize a formal program and methodology with assigned staff. At the same time, 43% of organizations do threat hunting on an ad-hoc basis which is encouraging, but might not be as effective as utilizing a dedicated effort.*
Fusion Center
For Optiv, the concept of Fusion Center describes a necessary evolution and improvement beyond current gen SOC capabilities which center around device management and monitoring.
For organizations looking to advance their SOC effectiveness, Optiv can assist by serving as your outsourcing partner and delivering fully customized capabilities across many key functions.
*Gartner press release from August 2019 summarizing their 2019 Third Party Risk Management survey.
*ESG The Impact of XDR in the Modern SOC (November 2020).
These elements represent innovations and trends in technology that we believe will have a direct impact on digital security.
Negligent Insiders
Internal actors play a role in 25-35% of breaches according to Verizon DBIR analysis over the past several years.
40% of insider incidents are driven by malicious intent, with the rest resulting from negligence.*
*Ponemon 2020 Cost of Insider Threat Report.
Back to top
Back to top
Back to top
Back to top
Back to top
Back to top
Back to top
* Gartner Managing Privileged Access in Cloud Infrastructure, Published 9 June 2020
** Gartner Four Rules for a Compelling IAM Business Case; Published 9 November 2020.
*Ponemon The State of Vulnerability Management (August 2020)
*Gartner How to Respond to the 2020 Threat Landscape; Published 17 June 2020
* Ponemon 2020 Cost of a Data Breach Report.
*SANS 2020 Threat Hunting Survey
* Optiv analysis of Gartner IoT Forecast statistics as of January 2021.
Download the "Threat Managment Enterprise Incident Management Solutions" service brief
Learn more
Learn More
Learn more
Secure Access
Service Edge
Sa
Secure Access
Service Edge
Sa
Ra
Role and
Accountability
Bu
Budget
Staffing
St
Technology
Te
Optimization
Oz
Malicious
Insiders
Mi
Negligent
Insiders
Ni
Organized
Crime
Oc
Nation
State
Nt
Hacktivist
Ha
Digital
Transformation
Almost every organization recognizes the importance of digital transformation (DX). However, DX initiatives frequently outpace the ability of the IT organization to provide effective security.
68% of boards of directors acknowledge they can no longer extend their historical strategy over the next five years. Future growth will depend on the adoption of a different business model and a new set of assumptions about what success will look like.*
Download Digital Transformation Service Brief
Business Fundamentals
Business Fundamentals
Learn More About
Governance
Vist Optiv's Risk Management Page
Cybersecurity remains a top three area where corporate boards of directors are looking to improve the effectiveness of their oversight, just slightly trailing two other foundational oversight categories of strategy execution and strategy development.*
As it stands, only 64% of directors say the board’s understanding of cyber risk is strong enough to provide effective oversight.*
Governance
Business Fundamentals
Learn More About
Risk Management
Download the Risk Management Service Brief
Only 24% of companies describe their risk management processes as "mature" or "robust." Larger-sized organizations, public companies and financial services companies are at the higher end of the maturity spectrum, but only 35-40% of these groups characterize their risk management process as "mature" or "robust."*
Risk
Management
Business Fundamentals
The digital ambitions of most organizations dramatically expand their cyber attack surface by pushing IT infrastructure into the cloud, connecting IoT and accelerating software development cycles. Security leaders must become more aware of business objectives and strive to demonstrate how cyber programs enable business success.
Business
Alignment
•
•
Business Fundamentals
Learn More About
Compliance
Visit the California Consumer Privacy Act Page
Regulations are constantly evolving as evidenced by the recent initiation of new data privacy regs such as GDPR in 2018 and the California Consumer Privacy Act (CCPA) in early 2020. Due to the risk of financial penalties and adverse impacts to the business, compliance mandates are listed among the top factors that drive cyber security programs.
In a November 2020 study about Security Priorities from IDG, the top two factors that help determine the priority of an organization's security spending were:
Compliance
IT Fundamentals
To more effectively compete in the digital economy, companies are pushing more change into IT production environments at a faster pace which strains change management practices.
Formalized change management programs can slow progress, but must be ingrained in the evolving corporate culture. Good processes are built with verification and validation steps to catch exceptions and mistakes.
Change
Management
IT Fundamentals
Learn More About
Configuration Management
Download the PCI DSS Report on Compliance
Configuration management proactively and continuously monitors and hardens the security configurations of an organization’s operating systems, applications and network devices. A formalized configuration management program is important to demonstrate compliance with various regulations including PCI DSS and HIPAA.
Configuration
Management
IT Fundamentals
Asset Management is critical to an effective cybersecurity strategy. You cannot properly secure what you do not know exists. In addition, by continuously tracking and optimizing the IT asset footprint, other functions such as patch management become far more streamlined.
Organizations with visibility gaps experience 2.3X more security incidents compared to those without.*
Asset
Management
IT Fundamentals
Learn More About
Patch Managment
Download the Threat Management Service Brief
Effective patch management is a critical component to any security program. While there are varying valid reasons for why it may not be feasible – or a high priority – to implement some patches, it is hard to accept that many high-impact breaches stem from vulnerabilities for which patches do exist.
Among organizations in a recent survey that were impacted by a data breach, 42% said the breach occurred because there was a patch available for a known vulnerability but it was not applied.*
Patch
Management
Dx
Go
Rm
Co
Pr
Business Fundamentals
Learn More About
Privacy
Visit the Data Privacy and Governance Page
New data privacy regulations are taking shape across the globe, building on momentum created by the enactment of the General Data Protection Regulation (GDPR) in the EU in 2018.
The first sweeping data privacy law in the US was enacted on January 1, 2020 in the form of the California Consumer Privacy Act (CCPA). These laws are only the beginning of a global trend which will dramatically increase the requirements for cyber security programs in the future. Before year-end 2023, more than 80% of companies worldwide will be facing at least one privacy-focused data protection regulation.*
Privacy
Ba
Am
Cm
Pm
Cfg
Iam
IT Fundamentals
Learn More About Identity Access Managment
Download the Identity
Case Study
Many breaches are the result of deficiencies in IAM programs. By 2023, 75% of security failures will result from inadequate management of identities, access and privileges, up from 50% in 2020.*
However, many aspects of IAM can be complex and require the development of a formalized plan to drive maturity and support the organization's business initiatives.
Through 2021, IAM programs with complete and well-articulated business cases will secure more than 200% more investment than programs that do not.**
Identity Access
Management
* Gartner Managing Privileged Access in Cloud Infrastructure, Published 9 June 2020
Security Program Fundamentals
Learn More About
Network Security
Read the "Securing Network Architecture"
Blog Post
Network security is likely one of the largest line items in the security technology budget. In an era of digital transformation, the old paradigm of the protected network perimeter has become less relevant. Network security concepts are being forced to morph with the advent of virtual/cloud IT environments and distributed IoT devices. Among the multitude of security assessments Optiv conducts for clients annually, Data Protection stands out as one of the lowest maturity disciplines in most organizations. Penalties for poor data protection practices are set to escalate due to new regulations such as GDPR. Optiv expects continued strong corporate investment in data security infrastructure including data access governance, encryption and DLP.
Through 2025, policy misconfigurations, not firewall flaws, will remain the cause of 99% of firewall breaches and bypasses.*
Network
Security
Ns
Security Program Fundamentals
Email should be a focal point for security executives for several reasons. First, it continues to be one of the most effective attack vectors for cybercriminals, delivering 96% of all phishing lures.
Second, an organization-wide breach can be sparked with a single click. Business Email Compromises (BECs) have emerged as a top social engineering tactic with reports of misrepresentation 15x higher than the year before.
Finally, 85% of breaches in 2020 were human-caused. All of these factors are well covered by the 2021 Verizon Data Breach Investigations Report.
74% of U.S. organizations were impacted by a successful phishing attack.**
Email
Management
Em
Security Program Fundamentals
Secure web gateways represent a mature market, but they provide value for advanced URL filtering and threat defense. Traditional web security capability is becoming increasingly sourced from cloud-based offerings rather than on-prem appliances.
Taking that trend a step further, many technology vendors are increasingly consolidating web security, CASB, DLP, lighter-weight firewall and other security components and delivering them as an integrated cloud service.
Web
Security
Ws
Security Program Fundamentals
Learn More About
Vulnerability Management
Download the Service Brief
An effective vulnerability management program includes continuous scanning, prioritized remediation, completion tracking, root-cause analysis and detailed reporting.
In a recent survey among organizations that were impacted by a data breach, 42% said the breach occurred because there was a patch available for a known vulnerability – but it was not applied.*
57% or organizations do not know which vulnerabilities pose the highest risk to their business, which makes it hard to prioritize activities.*
Only 27% of organizations have visibility into the vulnerability management lifecycle, making it difficult to ascertain how well their organizations are prioritizing, remediating and patching vulnerabilities.*
Vulnerability
Management
Vm
Security Program Fundamentals
Learn More About Penetration Testing
Download the Service Brief
There are only two ways to know if an organization’s people, processes and technologies are truly effective against an attacker: either get attacked by a good guy or get attacked by a bad guy. Utilizing offensive penetration testing teams (the good guys) brings the enemy’s perspective into consideration, helping organizations to focus their security strategy and execution on impactful remediations and improvements.
Up to 75% of the vulnerabilities typically exploited by the Optiv penetration testing team are not identified by a vulnerability scanner.
Penetration
Testing
Pt
Security Program Fundamentals
Learn More About Application Security
Download the Identity
Case Study
Web applications are now a hacker-favorite attack vector, responsible over 80% of hacking-related breaches.*
The majority of breaches continue to originate from financially driven actors. Roughly 61% of the time, assets are infiltrated with stolen credentials.**
As it stands, roughly 76% of all applications contain at least one vulnerability when they are first scanned, and 24% contain at least one high severity flaw.**
Application
Security
As
Security Program Fundamentals
Learn More About Cloud Security
Download the Service Brief
Public cloud services are the foundation of the digital business’s agility and innovation. As companies rush to the cloud, however, input from the security team is not relied upon as frequently as perhaps it should be. As organizations increasingly shift their workloads into the public cloud, best practices suggest that security teams should be involved early in the strategy process to minimize risk.
Through 2023, at least 99% of cloud security failures will be the customer’s fault.*
Cloud
Security
Cs
Security Program Fundamentals
Effective threat management is about understanding your attack surface and gaps and what assets are most appealing to threat actors. Being ready and able to respond is best accomplished by continually assessing your security controls and processes, as well as testing and training people.
Cyberattacks impacted a record-breaking 86% of organizations last year. Meanwhile, 87% of organizations can’t staff enough skilled IT workers to meet their security requirements.*
Threat
Management
Tm
Security Program Fundamentals
Learn More About Security Info & Event Management
Visit Optiv's SIEM
Services Page
Security information and event management (SIEM) is a foundational tool that provides better visibility into threats, accelerates detection and response, and boosts the efficiency of security operations.
75% of SIEM users say the technology is vital to their organization’s security strategy, and 74% have seen a decrease in breaches.*
Unfortunately, SIEMs can be expensive to resource and complex to operate. To be most effective, SIEMs require continuous fine tuning. 88% or organizations report challenges with their SIEM.**
Security Info &
Event Mgmt
Si
Security Program Fundamentals
Learn More About Security Operations Centers
Watch Video
Roughly 60% of organizations currently have a SOC and another 15-20% plan to develop a SOC in the future. In addition, around 60% of organizations with a SOC access additional capability by outsourcing at least some functions to an MSSP or MDR provider.*
SOCs face many challenges today due to growing attack surfaces, increasingly sophisticated cyber threats, an overwhelming flow of alerts to manage from security tools and the daunting task of attracting and retaining talent. Against these odds, it is not surprising that only 50% of organizations rank their SOC effectiveness at a 7 or higher on a scale of 1 to 10.*
Security
Operations
Center
Soc
Security Program Fundamentals
Learn More About
Incident Response
Download the Service Brief
For many organizations, a serious security incident is a matter of "when" and not "if." This reality makes developing and practicing a response plan a critical objective for any CISO. Unfortunately, only 26% of companies have a cybersecurity incident response plan that is applied consistently across the enterprise, and 23% of companies have no plan at all.*
61% of companies with the most mature cyber incident response plans successfully avoided disruptive cyber issue over the past two years. By contrast, only 38% of companies that did not adhere to this best practice achieved the same outcome.
Incident
Response
Ir
Learn More About Cyber Threat Intelligence
Download the Report
Cyber threat intelligence (CTI) is critical to gain perspective on adversarial tactics, techniques and procedures. CTI helps security teams be more proactive in threat prevention and more effective in threat detection and response. CTI is also a key input for proactive threat hunting.
61% or organizations now utilize CTI developed through a combination of in-house analysis and from external service providers.*
82% of users find value in CTI compared to only 1% that said CTI did not improve their security operations.*
Cyber Threat
Intelligence
Cti
Security Program Fundamentals
Learn More About
Endpoint Security
Download the Endpoint Security Service Brief
Due to the growing sophistication of attacks, endpoint security was forced to evolve beyond signature-based blocking. Therefore, next-gen antivirus incorporates new prevention techniques that do not rely on signatures. According to one survey, organizations think their current antivirus solution blocks only 40% of attacks, and 68% of organizations have been breached at least once over the past 12 months due to an endpoint attack.*
Endpoint detection and response (EDR) is a complex technology that is most applicable for mature security organizations, but can also be effectively leveraged through relationships with outside managed detection and response (MDR) providers.
Endpoint
Security
Es
Security Program Fundamentals
Among the multitude of security assessments Optiv conducts for clients annually, data protection stands out as one of the lowest maturity disciplines in most organizations. Penalties for poor data protection practices are set to escalate due to new regulations such as GDPR. Optiv expects continued strong corporate investment in data security infrastructure including data access governance, encryption and DLP.
Data Protection
Dp
Data protection was called out as the most effective technology to reduce cyber risks among more than twenty security technology categories in a recent survey of security executives by Optiv/ESI ThoughtLab. Not surprisingly, data protection was also identified as the area of largest current investment focus.
Advanced Security Programs
Learn More About Zero Trust
Visit Optiv's Zero Trust Page
Zero Trust
Zt
DevSecOps
Dso
Third Party
Risk
Management
Trm
Learn More About
Machine Learning
Download Digital Transformation Service Brief
Machine
Learning
Ml
Learn More About
Detection and Response
Read the Blog Post
Detection and
Response
Dr
Learn More About Orchestration and Automation
Download the Service Brief
Orchestration
and Automation
Oa
Learn More About
Threat Hunting
See Our Security Operations Center Video
Threat Hunting
Th
Fusion
Center
Fc
Traditional security perimeters are dissolving as organizations accelerate digital transformation initiatives and extend their IT estates outside of the corporate data center and into the public cloud and IoT. Zero Trust (ZT) is not a new technology, but rather a pragmatic framework for how to integrate multiple security controls. ZT relies heavily on IAM and emphasizes a couple important principles:
Never trust, always verify. Continuously authenticate and authorize identities at multiple points across the IT estate. Just because an identity was admitted at one point of entry does not mean it can be “trusted” to access all other resources on the network.
Enforce least privilege. Ensure identities can access only those resources which are required to complete their job function and nothing more.
DevSecOps is a software development best practice that embraces the inherent agility benefits of DevOps, but recognizes that security testing and validation needs to be infused early in the process.
Advanced Security Programs
Advanced Security Programs
To more rapidly access required capabilities or enhance business agility, organizations are increasingly relying on partnerships with third-party entities. These third-party relationships often involve important IT connectivity and potentially the sharing of sensitive information. Unless properly managed, this partner ecosystem can represent a significant cybersecurity risk as attackers can look to exploit the weakest links in order to gain access to their primary target. In this dynamic environment, a set-it-and-forget-it approach to third-party risk management is inadequate and needs to be fortified with continuous review and analysis. According to a survey by Gartner, 83% of organizations identified that risks had emerged in their third-party ecosystem following initial due diligence prior to periodic recertification, and 31% of those risks had a material impact on the business.*
Advanced Security Programs
Machine learning (ML) analyzes and synthesizes an avalanche of information that humans alone could not match. It is the practice of using algorithms to parse data, learn from it and then make a determination or prediction about something in the world.
ML could ultimately represent another attack vector for cyber adversaries as they look to hack into and corrupt ML processing models to degrade their capabilities for cyber defense.
Advanced Security Programs
Popular new tools incorporate data at the endpoint (endpoint detection and response, or EDR) and in the network. Popular new tools incorporate data at the endpoint (endpoint detection and response, or EDR) and in the network. Increasingly, telemetry beyond the endpoint and network is being aggregated into an XDR (extended detection and response) platform.
35% of organizations suggest they already use a managed detection and response (MDR) provider with another 38% actively working on a project to adopt MDR services.*
Advanced Security Programs
Security organizations are struggling due to a shortage of talent, an abundance of tools to manage and alert overload. SOAR (Security Orchestration, Automation and Response) platforms provide
relief by aggregating security intelligence and context from disparate systems and applying machine intelligence to streamline (or even automate) the incident detection and response process.
Security automation is "fully deployed" at only 21% of organizations and "partially deployed" at another 38% of organizations. This leaves 41% of organizations that have not yet embraced this technology.*
Organizations with fully deployed security automation are able to cut their average cost of a breach by more than 50% compared to those that have not deployed it.*
Advanced Security Programs
Threat hunting is a proactive, ongoing effort to identify and eradicate adversaries that have already pierced security controls and are dwelling in an organization's network. Effective threat hunting leverages threat intelligence, telemetry from security tools and the ingenuity of the threat analyst to uncover hidden threats.
Threat hunting is a valuable endeavor. According to one survey, 37% of organizations utilize a formal program and methodology with assigned staff.* At the same time, 43% of organizations do threat hunting on an ad-hoc basis, which is encouraging, but might not be as effective as utilizing a dedicated effort.*
Advanced Security Programs
For Optiv, the concept of Fusion Center describes a necessary evolution and improvement beyond current-generation SOC capabilities which center around device management and monitoring.
6) Cloud security
7) Incident response
8) Constant tracking of KPIs
9) Optimized staffing
10) Data sovereignty
Emerging Technology
Learn More About
Secure Access
Service Edge
Download the Field Guide
Secure Access Service Edge (SASE) is a term coined by Gartner in 2019. While still emerging, SASE can dramatically simplify WAN access and security for remote worker and distributed branch office use cases. In the SASE model, intelligence to deliver WAN access and security are consolidated into a cloud-delivered offering.
This dramatically reduces the burden at the branch level to manage on-prem infrastructure, while at the same time harnessing the agility of the cloud to seamlessly support growth in users or functionality. From a security standpoint, SASE aspires to consolidate multiple controls including, but not limited to: Secure Web Gateway, CASB, DLP, Zero Trust Network Access/Software Defined Perimeter and Firewalling.
By 2025, at least 60% of enterprises will have explicit strategies and timelines for SASE adoption encompassing user, branch and edge access, up from 10% in 2020.*
Secure Access
Service Edge
Sa
Emerging Technology
Learn More About
Artificial Intelligence
Download the Whitepaper
Artificial intelligence (AI) involves machines that can perform tasks that are characteristic of human intelligence. Security practitioners have signficant optimism about the potential positive impact of AI for cyber defense. However, cyber adversaries will also harness the power of AI to launch increasingly sophisticated and dynamically adapting attacks.
Initiatives based on AI and machine learning rapidly rose in strategic importance for organizations over the past couple years, and notably accelerated in the wake of the COVID-19 pandemic. While worldwide spending on AI will top $85.3 billion in 2021, it’s predicted to reach $204 billion by 2025—a compound annual growth rate (CAGR) of 24.5%.*
Artificial
Intelligence
Ai
Emerging Technology
Learn More About
Big Data
Download the Service Brief
As organizations’ use of big data continues to grow, extracting value while maintaining security has become a greater challenge.
For the average organization, security technologies are often siloed, creating an overwhelming amount of threat telemetry that’s difficult to capture and analyze. Optiv helps clients design, build and secure big data infrastructures by analyzing (and effectively normalizing) data to drive business benefit. These solutions can unite and fully harness the power of existing security technologies.
Optiv big data solutions can also be deployed in support of general business use cases to enhance insights and decision making around initiatives such as revenue optimization, customer engagement and cost reduction.
Big Data
Bd
Emerging Technology
Learn More About
Internet of Things
Download the Case Study
The proliferation of Internet of Things (IoT) promises to greatly enhance user experience for consumer-focused implementations and boost operational efficiencies and effectiveness within enterprise applications. However, the resulting increase in the number of smart endpoints connected to corporate networks also creates significantly more entry points for cyber adversaries.
Gartner projects there were nearly 6 billion IoT devices used in enterprise and automotive (non-consumer) applications in 2020, and that number will double by 2025.*
Internet
of Things
IoT
Emerging Technology
Learn More About
Blockchain
Read the Blog Post
Blockchain is a method to record transactions that provides high security by design: transactions are verified with advanced cryptography and spread across many computers in a peer-to-peer network (distributed ledger).
Blockchain implementations are still nascent, and this immaturity makes it challenging to predict the ultimate impact the technology will have.
In coming years, the technology will likely influence cybersecurity applications related to data and identity integrity and transaction protection. Blockchain captured the imagination of the market, but production deployments at scale are limited so far.
Blockchain
Bc
CISO Constraints
By protecting criticial systems from downtime and safeguarding customer privacy, security leaders are quickly becoming critical partners for digital transformation success. That said, CISOs have their work cut out for them in terms of continuing to educate business executives and the board of directors about the challenges and accomplishments of their role. Only 64% of directors say their board’s understanding of cyber risk is strong enough to provide effective oversight.*
Security programs continue to consolidate under the leadership of the CISO. In larger organizations, the CIO and CISO tend to share responsibility for the security program. However, more than 60% of companies in the US with revenue greater than $5 billion now have a CISO.
Role and
Responsibility
Ra
CISO Constraints
Lack of budget continues to rank among the top inhibitors to building an effective security program. IT budgets commonly account for around 3-6% of an organization's total revenue. Cybersecurity generally consumes 5-15% of the IT budget.
According to one recent survey, only 35% of organizations measure the effectiveness of their security program against the cost of investment.* Clearly that ratio will need to rise dramatically in the future as security executives fight for necessary funding to address their expanding digital attack suface.
Budget
Bu
CISO Constraints
Lack of skilled personnel is consistently mentioned by organizations as one of the top inhibitors to building effective cybersecurity programs. Organizations can create substantial competitive advantage based on their ability to attract, train and retain cyber talent. Another alternative is to leverage outside experts through consulting or outsourcing partnerships.
It’s estimated that 56% of all organizations are currently at moderate or extreme risk due to shortages of dedicated cybersecurity staff. 2020 saw a 48% increase in cybersecurity staffing, which remained consistent with the two years prior.*
Staffing
St
CISO Constraints
Optiv routinely sees client environments that utilize 50 or more discreet security technologies. There is certainly no shortage of well-funded cybersecurity technology companies out there all positioning their vision as the best solution in the market. This presents a major challenge for security practitioners and one where a trusted partner like Optiv is ideally positioned to help provide perspective and guidance.
Technology
Te
CISO Constraints
Due to an overwhelming number of disparate tools in their environment, many organizations are hitting the tipping point where tech sprawl has actually become counter-productive. Security teams are spending so much time simply managing the tech stack and drowning in all the associated alerts that it detracts from security effectiveness.
It's not easy to validate which tools in the environment are actually performing as expected and providing value. The ideal architecture would consist of the minimum number of tools that could be tightly integrated to provide the maximum security effectiveness. Investments in underutilized or underperforming tools could then be recycled into higher ROI propositions.
Close to 70% of organizations do not evaluate the effectiveness of their security spending.*
Optimization
Oz
Threat Actors
Internal actors play a role in 22% of breaches according to Verizon DBIR analysis from 2021.
40% of insider incidents are driven by malicious intent, with the rest resulting from negligence.*
Nefarious internal actors are more difficult to uncover and contain, leading to an average cost per incident at $760,000 which is more than double that resulting from basic insider negligence.*
Malicious
Insiders
Mi
Threat Actors
Internal actors play a role in 22% of breaches according to Verizon DBIR analysis from 2021. 60% of insider incidents involve simple negligence with the rest driven by malicious intent.*
Unfortunately, innocent mistakes and carelessness can still cause significant negative impacts for a breached organization.
Breaches related to insider negligence cost the average organization $4.6 million per year.
Negligent
Insiders
Ni
Threat Actors
Organized
Crime
Oc
Hackers and criminal groups play a role in 50-60% of breaches according to the Verizon DBIR analysis over the past several years.
Threat Actors
Nation-State
Nt
Nation-state actors play a role in 10-20% of breaches according to Verizon DBIR analysis over the past several years. Unsurprisingly, these groups commonly target the information infrastructure of foreign government entities with cyber espionage often a prime objective. In fact, nation-state and state-affiliated actors accounted for close to 93% of all breaches involving external actors in Verizon’s 2020 Cyber Espionage Report (CER). In the 2020 Verizon DBIR report, nation-state targeting of foreign governments appears to have eased somewhat, but instead spread to the manufacturing vertical where it accounted for roughly 40% of breaches.
Because of either direct or clandestine government funding and support, this group of cyber combatants typically possess the most sophisticated capabilities.
Threat Actors
Hacktivist
Ha
A small minority of breaches are related to hacktivist activity, where goals are related to neither financial gain nor espionage. Verizon refers to hacktivists as ideology motivated.
Learn More About
Asset Management
Download the Service Brief
Learn More About
Change Management
Visit Optiv's Digital Transformation Page
Learn More About
Data Protection
Download the Service Brief
Learn More About
Threat Management
Visit Optiv's Threat Management Page
Learn More About
DevSecOps
Visit Optiv's Application Security Page
Learn More About Third Party Risk Management
Download the Service Brief
Learn More About
Fusion Centers
See Our Security Operations Center Video
Learn More About
Malicious Insiders
Download the Service Brief
Learn More About
Negligent Insiders
Visit Optiv's Cyber Education Page
*The IDC Worldwide Artificial Intelligence Spending Guide
Learn More About
Technology
Download the Service Brief
Learn More About
Technology
Download the Service Brief
