Businesses face plenty of emerging cloud and mobile security threats in 2014 that go beyond the capabilities of many service providers. One way of cutting IT security cost is to adopt a more data-driven approach to security, according to a report by researchers from the Georgia Institute of Technology.

The university’s recently released 2014 Emerging Cyber Threats Report also said that employee’s use of cloud data services poses one of the greater risks to corporate networks. Seven in 10 IT managers today either confirm or assume that employees are saving business data to the cloud but very few companies are addressing the problem, the report said.

Cybercrime rings are using cloud service and file sharing sites to steal data from businesses or slip malicious software into business networks.

Georgia Tech researchers recommend that companies review how data moves through their organization, develop a policy for the use of cloud services and conduct an inventory of their employees’ cloud use.

Traditional approach to security has been to build layers of technology between computer systems and attackers. This has led to the roll out of expensive systems, the report said.

Companies can cut IT security cost by employing a data-driven approach to security, according to the researchers.

Instead of just keeping out attackers, the researchers said, companies should gather and act on threat intelligence.

This could include identifying networks and assets and prioritizing defences based on value, vulnerability and criticality.

Companies can also kill-chain analysis to determine how attackers are able to target intellectual property.

Organization should focus on rapidly assessing the current state of the network and assets and what attackers are likely to hit. This will help businesses prioritize their incident response.

Read the whole story here