New SANS Institute Survey Shows Data Breach Prevention Practices Are Evolving

Bethesda, Md. – Despite the potential costs, legal consequences and other negative outcomes of data breaches, they continue to happen. A new SANS Institute survey looks at the preventive aspect of breaches - and what security and IT practitioners actually are, or are not, implementing for prevention.

The survey, Breach Detected! Could It Have Been Prevented?, looked at how practitioners might overcome barriers to implementing effective prevention, including developing clear requirements and defining specific preventive measures, such as the role of automation, threat intelligence and others.

The survey also illustrates an apparent disconnect between what is considered preventive by the majority of respondents and the measures that have been implemented for prevention:

  • 85 percent of respondents consider blocking known malware as a preventive measure, yet less than half (40 percent) have implemented these methods;
  • 63 percent consider robust testing is preventive, while only 39 percent have implemented robust testing;
  • Nearly 60 percent consider metrics-based evaluation and reporting preventive but only 40 percent are using evaluation and reporting.

Said SANS Institute senior analyst and survey paper author Barbara Filkins, "Many data breaches can be avoided or the impact mitigated, but preventing them continues to be a challenge in the real world. The survey illustrates the disconnect between what respondents consider preventive controls versus what they have implemented as preventive measures."

Respondents indicated that lack of enough staffing, inadequate budgets and a deficit of skills are barriers to preventing breaches. Limitations in legacy infrastructure also emerged as a factor prohibiting organization from not being more proactive in protecting critical data.

"We must change the way we think about cybersecurity today and address the gap between understanding preventative measures and actually implementing them," said Rick Howard, chief security officer, Palo Alto Networks. "If we adopt a breach prevention-oriented mindset, the combination of next-generation technology, improvements in processes and training, and real-time sharing of threat intelligence, organizations can vastly reduce the number of successful attacks and restore the digital trust we all require for our global economy."

"Data collected from survey respondents points to the need to better define prevention in terms of the metrics (qualitative or quantitative) that can be used to explain and justify preventive measures to management/decision makers in an organization," said Filkins.

The survey also looked at how practitioners might overcome barriers to implementing effective prevention, including developing clear requirements and defining specific preventive measures, including the role of automation, threat intelligence and others.

Full results will be shared during a free webcast Tuesday, Sept. 13, 1:00 p.m. Eastern Standard Time, sponsored by Palo Alto Networks.

Register to attend the complimentary webcast at:
Those who register for the webcast will also receive access to the published results paper.

Tweet this:

Breach Detected! Could It Have Been Prevented?" SANS 2016 Data Breach Survey results w/ @PaloAltoNtwks 9/13 1PM EDT

UPCOMING WEBCAST! Don't miss the SANS 2016 Data Breach Prevention Survey results w/ @PaloAltoNtwks | 9/13 @ 1PM EDT|

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cyber security training events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (