
5 Cybersecurity Concerns of Industry Insiders

Published March 29, 2020
Last updated January 17, 2023

We asked professionals attending two of the world’s biggest cybersecurity conferences – RSA in San Francisco and Infosecurity in London – five questions to gauge their opinions and attitudes about current issues and concerns on everything from GDPR and the Facebook data scandal to cloud security. Read on to discover what we found after surveying folks who live and breathe security every day.

Question 1: Should the U.S. and/or individual states standardize data privacy laws (including the right to be forgotten)?

Companies around the world scrambled to locate and lock down their data as the highly anticipated EU GDPR deadline arrived on May 25, 2018. EU citizens welcomed the GDPR, gaining control of their data and flexing their data privacy muscles. For the first time, consumers could demand companies locate and delete their personal information with the GDPR’s “right to be forgotten” policy.


The GDPR deadline brought a wave of “privacy policy warning” pop-ups. Websites big and small updated their privacy policies to accommodate the new guidelines to cover their bases. While many organizations are still figuring out what it takes to comply, some U.S. states, such as California, are getting a serious case of GDPR envy and crafting data privacy laws modeled after the EU legislation. This is only the beginning and more states will likely follow with laws of their own.

Our survey found that 90% of cybersecurity professionals believe the U.S. and individual states should standardize data privacy laws. New data laws could be game changers for organizations of all sizes: Most companies are not equipped to handle the influx of consumer requests and meet their new data obligations under these new laws.

Question 2: In the wake of the Facebook/Cambridge Analytica news, will you continue to use Facebook?

When Facebook and Cambridge Analytica were caught red-handed harvesting and misusing personal data of 87 million users – in violation of its own terms and conditions – some expected a backlash against the social media giant.

Despite the recent controversy, 54% of security pros plan to continue to use Facebook. However, many may be starting to think before they “like,” or delete accounts entirely, with 42% of security pros stating they’ve stopped using Facebook (21%) or don’t use Facebook (21%).

Question 3: Where would your organization’s proprietary information and customer data be best protected from insider threats and cyberattacks?

While “cloud” is one of the biggest security buzzwords of 2018, the reality is most organizations follow a hybrid model and store their data both on-premises and in the cloud.

Recent attacks have shown that organizations can’t put all their eggs in the cloud basket and trust that their data is safe. For example, unsuspecting administrators from companies like FedEx, the Republican National Committee and Accenture all left important data exposed on Amazon Web Services S3 buckets – demonstrating that the cloud is still vulnerable when basic security principles aren’t followed.

Got cloud? Not so fast: 40% of respondents believe their data is best protected from insider threats and cyberattacks in on-premises data stores. 23% of cybersecurity professionals believe their organization’s proprietary data is safest in cloud data stores. 34% of respondents said it doesn’t matter where data is stored.

Question 4: Does your organization keep Bitcoin in reserve to pay off attackers?

When the cold, hard (digital) cash became hackers’ preferred payment method after hitting victims with ransomware, companies started to stockpile Bitcoin for fast access to get their data back – or were they?

Following the monumental WannaCry ransomware attack, which cost organizations around the world (by some estimates) nearly $4 billion in losses, organizations aren’t seeing the need to save the controversial cryptocurrency for a rainy day. The vast majority — 84% of respondents — stated that their organization doesn’t keep Bitcoin on hand. Just 13% of cybersecurity professionals are saving Bitcoin for a possible attack.

Question 5: Is your organization better at protecting itself from cybersecurity threats than it was one year ago?

A lot can happen in a year: a plethora of social media breaches, a continued surge in cloud migrations, the introduction of several new data-privacy laws, and more. According to respondents, more than half (64%) believe they are in better cybersecurity shape than last year, while 16% say they’re doing about the same at warding off attacks.

Are organizations overly confident in their security? Some companies may be overdue for a reality check: Earlier this year, we found that 58% of organizations have more than 100,000 folders with sensitive data open to all employees – putting them at risk from insider attacks, ransomware and other threats.


