Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
News Releases

New Trustwave Report Reveals How Organizations Protect Data Globally

Increased Cloud Adoption, Digital Transformation Initiatives and Perceived Risks are Key Driving Factors Behind How Data and Databases are Secured        

CHICAGO – October 21, 2020 – Trustwave today released the 2020 Trustwave Data Security Index report which depicts how technology trends, compromise risks and regulations are shaping how organizations’ data is stored and protected. The report is based on a recent survey of 966 full-time IT professionals who are cybersecurity decision makers or security influencers within their organizations. Over 75% of respondents work in organizations with over 500 employees in key geographic regions including the United States (U.S.), United Kingdom (U.K.), Australia and Singapore.

“Data drives the global economy yet protecting databases, where the most critical data resides, remains one of the least focused-on areas in cybersecurity,” said Arthur Wong, chief executive officer at Trustwave. “Our findings illustrate organizations are under enormous pressure to secure data as workloads migrate off-premises, attacks on cloud services increases and ransomware evolves. Gaining complete visibility of data either at rest or in motion and eliminating threats as they occur are top cybersecurity challenges all industries are facing.”

Key findings from the 2020 Trustwave Data Security Index report include:

  • More sensitive data moving to the cloud – Types of data organizations are moving into the cloud have become increasingly sensitive. Ninety-six percent of total respondents stated they plan to move sensitive data to the cloud over the next two years with 52% planning to include highly sensitive data with Australia at 57% leading the regions surveyed. Not surprisingly, when asked to rate the importance of securing data regarding digital transformation initiatives, an average score of 4.6 out of a possible high of five was tallied.
  • Hybrid cloud model driving digital transformation and data storage – Of those surveyed, most at 55% use both on-premises and public cloud to store data with 17% using public cloud only. Singapore organizations use the hybrid cloud model most frequently at 73% or 18% higher than the average and U.S. organizations employ it the least at 45%. Government respondents store data on-premises only the most at 39% or 11% higher than average. Additionally, nearly half of respondents at 48% stored data using the hybrid cloud model during a recent digital transformation project with only 29% relying solely on their own databases.
  • Most organizations use multiple cloud services – Seventy percent of organizations surveyed were found to use between two and four public cloud services and 12% use five or more. At 14%, the U.S. had the most instances of using five or more public cloud services followed by the U.K. at 13%, Australia at 9% and Singapore at 9%. Only 18% of organizations queried use zero or just one public cloud service.
  • Perceived threats do not match actual incidents – Thirty-eight percent of organizations are most concerned with malware and ransomware followed by phishing and social engineering at 18%, application threats 14%, insider threats at 9%, privilege escalation at 7% and misconfiguration attack at 6%. Interestingly, when asked about actual threats experienced, phishing and social engineering came in first at 27% followed by malware and ransomware at 25%. The U.K. and Singapore experienced the most phishing and social engineering incidents at 32% and 31% and the U.S. and Australia experienced the most malware and ransomware attacks at 30% and 25%. Respondents in the government sector had the highest incidents of insider threats at 13% or 5% above the average.
  • Patching practices show room for improvement – A resounding 96% of respondents have patching policies in place, however, of those, 71% rely on automated patching and 29% employ manual patching. Overall, 61% of organizations patched within 24 hours and 28% patched between 24 and 48 hours. The highest percentage patching within a 24-hour window came from Australia at 66% and the U.K. at 61%. Unfortunately, 4% of organizations took a week to over a month to patch.
  • Reliance on automation driving key security processes – In addition to a high percentage of organizations using automated patching processes, findings show 89% of respondents employ automation to check for overprivileged users or lock down access credentials once an individual has left their job or changed roles. This finding correlates to low concern for insider threats and data compromise due to privilege escalation according to the survey. Organizations must exercise caution when assuming removal of user access to applications to also include databases, which is often not the case.
  • Data regulations having minor impact on database security strategies – When asked if data regulations such as General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) impacted database security strategies, a surprising 60% of respondents said no. These findings may suggest a lack of alignment between information technology and other departments, such as legal, responsible for helping ensure stipulations like ‘the right to be forgotten’ are properly enforced to avoid severe penalties.
  • Small teams with big responsibilities – Of those surveyed, nearly half at 47% had a security team size of only six to 15 members. Respondents from Singapore had the smallest teams with 47% reporting between one and ten members and the U.S. had the largest teams with 22% reporting team size of 21 or more, 2% higher than the average. Thirty-two percent of government respondents surprisingly run security operations with teams between just six and ten members.   

Data Sources

Trustwave commissioned a third-party research firm to survey 966 full-time IT professionals who are cybersecurity decision makers or security influencers within their organizations. The objective of the survey was to assess the current and expected future states of database security across all data spheres, including on-premises, cloud and hybrid, and to examine some of the key challenges cybersecurity teams face. Respondents worked at either businesses or government agencies in the United States, United Kingdom, Australia and Singapore. Over 75 percent of the respondents worked in organizations with over 500 employees, with over 40 percent part of organizations with over 1,000 employees. The survey was conducted in August 2020. 

To download a complimentary copy of the 2020 Trustwave Data Security Index Report Global Security, visit: https://www.trustwave.com/en-us/resources/library/documents/2020-trustwave-data-security-index/.

About Trustwave

Trustwave is a leading cybersecurity and managed security services provider focused on threat detection and response. Offering a comprehensive portfolio of managed security services, consulting and professional services, and data protection technology, Trustwave helps businesses embrace digital transformation securely. Trustwave is a Singtel company and the global security arm of Singtel, Optus and NCS, with customers in 96 countries. For more information about Trustwave, visit https://www.trustwave.com.              

Latest News Releases

Trustwave Named in 2024 Gartner® Market Guide for Co-Managed Security Monitoring Services

Chicago – March 14 – Trustwave, a global cybersecurity and managed security services leader, was named a Representative Vendor in its just released 2024 Market Guide for Co-Managed Security...

Read More

Trustwave Named a Leader in Frost & Sullivan MDR Radar Report

Chicago – March 11, 2024 – Trustwave, a global cybersecurity and managed security services leader, today was named a leader in the Frost & Sullivan 2024 Managed Detection and Response (MDR) Radar...

Read More

New Trustwave SpiderLabs Research Exposes Unique Cybersecurity Threats Facing Education Industry

Chicago – February 22, 2024 – Trustwave, a leading cybersecurity and managed security services provider, today released comprehensive research uncovering unique cybersecurity threats faced by...

Read More