1、 How businesses are embracing a modern approach to threat management and information sharing. Toward new possibilities in threat management Key findings from the Global State of Information Security Survey 2017 Table of contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

2、. . . . . . . . . . . . . . . 2 Bold new combinations in the cloud . . . . . . . . . . . . . . . . . . . . . . . . . 5 Integrating key threat-management tools in the cloud . . . . . . . . . 7 Advanced authentication to catch phishers . . . . . . . . . . . . . . . . . . . 9 What cloud-based threat in

3、telligence looks like . . . . . . . . . . . . . . 13 The power of a centralized platform . . . . . . . . . . . . . . . . . . . . . . . . 14 Tapping into a network of information-sharing resources . . . . . . 16 How ISAOs improve prospects for information sharing . . . . . . . .20 A state of pioneeri

4、ng cybersecurity . . . . . . . . . . . . . . . . . . . . . . . . 22 Toward the future of threat intelligence . . . . . . . . . . . . . . . . . . . . . 23 Methodology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 Contacts . . . . . . . . . . . . . . . . . .

5、. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Key findings from The Global State of Information Security Survey 2017 2016 PwCB Today, most business leaders know that they are responsible for cybersecurity and privacy threats, wherever they occur in disparate enterprise systems. What m

6、any do not understand is how to design, implement and manage a real-time threat-intelligence and information-sharing program. They are not alone. An integrated threat-intelligence and information-sharing platform can be a great unknown for even the most cybersavvy of executives. Threat management is

7、 an advanced discipline that requires a chess masters skills in strategic and analytical thought. Multiple interconnected systems must be synthesized to ingest, correlate, analyze and contextualize information from multiple sources. Automated information sharing requires considerable know-how in tec

8、hnology and data standards and interconnected processes. Key findings from The Global State of Information Security Survey 2017 2016 PwC2 Both demand a foundation of cloud-based monitoring and analysis technologies, an interoperable information-sharing strategy and platform, and carefully tailored p

9、rocesses. To get there, businesses will need in-house or external expertise in four key areas: Ingesting and surfacing meaningful, validated intelligence in real time. Assessing the organizational impact of that intelligence. Identifying actions to mitigate threats. Taking prompt technical, legal an

10、d operational action. These four distinct skill sets require no small sum of technical expertise and resources. As such, organizations will need deep cybersecurity expertise as well as a multidisciplinary team that includes stakeholders from IT, legal counsel, risk, privacy and business units. This

11、team will be responsible for creating custom processes to integrate activities across systems and the enterprise. Key findings from The Global State of Information Security Survey 2017 2016 PwC3 Threat management requires expertise in four key areas Ingesting and surfacing meaningful, validated inte

12、lligence in real time Assessing the organizational impact of that intelligence Identifying actions to mitigate threats Taking prompt technical, legal and operational action 01 02 03 04 We believe that cloud computing services are foundational to the integration and management of the many moving part

13、s of a threat-management program. A cloud-based model can deliver computational power to monitor and analyze all digital interactions and create a unified repository of information to generate actionable intelligence in real time. A cloud-centric solution may not be the choice of all businesses some

14、 may opt to implement and run an on-premise threat- management solution. And there are concrete advantages to this approach. For one, organizations own on-premise solutions, and that allows them to fully customize and integrate systems to accommodate individual business needs. It can also give organ

15、izations complete control in compliance with government and industry regulations. And because data and applications are stored on servers in house, cybersecurity teams always know where data is stowed. Despite the advantages, on-premise threat management entails complex challenges and internal resou

16、rce requirements. Chief among them: Businesses must hire and retain key talent with niche skills to manage large amounts of unstructured threat information and process it so that it can be leveraged effectively. An on-premise solution also requires the resources to hire and retain highly skilled cyb

17、erthreat-intelligence analysts to review data and take immediate action on that information. Finally, organizations must have an agile technology ecosystem that can scale to a large set of both internal and external threat information as needed. Whether on-premise or on the cloud, implementation of

18、a threat- management system will be a challenge for even the most highly resourced organizations. But those that tackle this initiative will be better prepared to proactively monitor for threats, identify compromises, quickly respond to incidents and share threat intelligence. Ultimately, these capa

19、bilities will help build competitive advantages by protecting customer data, business assets and brand reputation. Key findings from The Global State of Information Security Survey 2017 2016 PwC4 Bold new combinations in the cloud When it comes to threat intelligence and information sharing, the clo

20、ud platform provides a centralized foundation for constructing, integrating and accessing a modern threat program. The power and interoperability of a centralized cloud platform enables organizations to synthesize a range of synergistic threat- management technologies. Whats more, businesses can lev

21、erage the inherent simplification of cloud architectures to build new robust and scalable threat-detection capabilities. The cloud also can enable safer information sharing by combining analytics from multiple sources without compromising data security. The fusion of advanced technologies with cloud

22、 architectures can help organizations more quickly identify and respond to threats, better understand customers and the business ecosystem, and ultimately reduce costs. This model can, for instance, leverage machine learning and artificial intelligence techniques to aggregate and analyze enormous vo

23、lumes of data, correlate this data with a global database of threat intelligence, identify threats in real time and prioritize responses based on impact to affected assets. of IT services are delivered via the cloud 48% PwC, CIO and CSO, The Global State of Information Security Survey 2017, October

24、5, 2016 Take a look at our interactive timeline. Connecting the dots: A timeline of technologies, threats and regulations that redefined cybersecurity and privacy Key findings from The Global State of Information Security Survey 2017 2016 PwC5 Cloud-based threat-management capabilities are evolving

25、rapidlyand are changing the model of on-premise cybersecurity and privacy solutions. “Were seeing rapid uptake of the cloud model because of its cost advantages, the compute and scalability that it providesand the ability to rapidly and flexibly adjust computing capabilities,” said Christopher OHara

26、, PwC US Co-Leader, Cybersecurity and Privacy. “We believe cloud-based cybersecurity will evolve to the point where you can realistically take any type of threat data and process it, normalize it and understand its impact to your business in real time . Todays on-premise solutions simply cant do tha

27、t .” Thats because traditional on-premise systems are often constrained by inadequate storage capacity, processing power and scalability. These limitations can impede cybersecurity teams ability to view and analyze data across their enterprise, restrict search efforts and increase the volume of fals

28、e positives. Key findings from The Global State of Information Security Survey 2017 2016 PwC6 Integrating key threat- management tools in the cloud Many organizations are proactively adopting or updating key technologies that are essential to gathering and analyzing threat intelligence. Increasingly

29、, they are opting for cloud-based managed security services rather than traditional on-premise systems. In fact, 62% of respondents use managed security services for initiatives like authentication, identity and access management, real-time monitoring and analytics, and threat intelligence. Source:

30、PwC, CIO and CSO, The Global State of Information Security Survey 2017, October 5, 2016 Threat detection tools and processes in place, 2016 Have intrusion- detection tools Actively monitor numbers may not add to 100% due to rounding. All figures and graphics in this report were sourced from survey r

31、esults. Key findings from The Global State of Information Security Survey 2017 2016 PwC24 Australia Richard Bergman Partner Andrew Gordon Partner Steve Ingram Partner Austria Christian Kurz Senior Manager Belgium Filip De Wolf Partner Brazil Edgar DAndrea Partner PwC cybersecurity and privacy contac

32、ts by country Canada David Craig Partner Sajith (Saj) Nair Partner Richard Wilson Partner China Megan Haas Partner Ramesh Moosa Partner Kenneth Wong Partner Key findings from The Global State of Information Security Survey 2017 2016 PwC25 Denmark Christian Kjr Director Mads Nrgaard Madsen Partner Fr

33、ance Philippe Trouchaud Partner Germany Derk Fischer Partner India Sivarama Krishnan Partner Israel Rafael Maman Partner Italy Fabio Merello Partner Japan Yuji Hoshizawa Partner Sean King Partner Naoki Yamamoto Partner Korea Soyoung Park Partner Luxembourg Vincent Villers Partner Mexico Fernando Rom

34、n Sandoval Partner Yonathan Parada Partner Juan Carlos Carrillo Director Carlos C Key findings from The Global State of Information Security Survey 2017 2016 PwC26 Middle East Mike Maddison Partner Netherlands Gerwin Naber Partner Otto Vermeulen Partner Bram van Tiel Director New Zealand Adrian van

35、Hest Partner Norway Lars Erik Fjrtoft Partner Poland Rafal Jaczynski Director Jacek Sygutowski Director Piotr Urban Partner Russia Tim Clough Partner Singapore Vincent Loy Partner Jimmy Sng Partner South Africa Sidriaan de Villiers Partner Elmo Hildebrand Director/Partner Busisiwe Mathe Partner/Dire

36、ctor Key findings from The Global State of Information Security Survey 2017 2016 PwC27 South East Asia Jimmy Sng Partner Spain Javier Urtiaga Baonza Partner Elena Maestre Partner Sweden Martin Allen Director Rolf Rosenvinge Director Switzerland Reto Haeni Partner Turkey Burak Sadic Director United K

37、ingdom Neil Hampson Partner Richard Horne Partner Alex Petsopoulos Partner United States David Burg Principal Scott Dillman Principal Chris OHara Principal Grant Waterfall Partner Key findings from The Global State of Information Security Survey 2017 2016 PwC28 This content is for general informatio

38、n purposes only, and should not be used as a substitute for consultation with professional advisors. At PwC, our purpose is to build trust in society and solve important problems. Were a network of firms in 157 countries with more than 208,000 people who are committed to delivering quality in assura

39、nce, advisory and tax services. Find out more and tell us what matters to you by visiting us at . PwC has exercised reasonable professional care and diligence in the collection, processing, and reporting of this information. However, the data used is from third party sources and PwC has not independ

40、ently verified, validated, or audited the data. PwC makes no representations or warranties with respect to the accuracy of the information, nor whether it is suitable for the purposes to which it is put by users. PwC shall not be liable to any user of this report or to any other person or entity for

41、 any inaccuracy of this information or any errors or omissions in its content, regardless of the cause of such inaccuracy, error or omission. Furthermore, in no event shall PwC be liable for consequential, incidental or punitive damages to any person or entity for any matter relating to this informa

42、tion. PwC will not disclose the name of any respondent without their prior approval and under no circumstances will PwC disclose individual entity data. 2016 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www. for further details. 229699-2017.2