Despite increasing numbers of data breaches and the theft and loss of more than two billion data records worldwide since 2013, organisations continue to believe perimeter security technologies are effective for data protection. That is according to new research from SafeNet, Inc, a US data protection product firm.
The study found that nearly three-quarters (74 per cent) of IT decision-makers believe that their organisation’s firewall is effective at keeping out unauthorised users. Yet, nearly half (44 per cent) admit that their organisation’s firewall has been breached or do not know if it has been breached. In addition, more than 60 per cent are not confident that data would be secure if unauthorised users were able to penetrate their network’s perimeter security.
The survey results illustrate the organisers say that despite the increasing number of network breaches and data record losses, businesses are continuing to invest more of their IT budgets in perimeter security and breach prevention technologies versus defence-in-depth strategies that include strong multi-factor authentication and data encryption. In the first half of 2014 alone, more than 375 million customer records were stolen, an increase of 31 per cent compared to the same period last year, according to the study. The research found that 93 per cent of IT decision-makers say that their organisation’s investments in perimeter security has either increased or stayed the same over the past five years, with an average of 9 per cent of IT budget currently spent purchasing, deploying, and maintaining firewall technology. For the next twelve months, respondents planned to continue this trend, spending approximately the same amount (9.05 per cent) on firewall technology.
Two-thirds of IT decision makers (67 per cent) also admit that they would not decrease spending on perimeter defences, such as firewall technology, in favour of other technologies. In fact, if asked to get rid of one method to protect sensitive data, the majority would eliminate anomaly detection (49 per cent) or data security measures like encryption (24 per cent) rather than perimeter security (15 per cent). Despite a high degree of confidence in the effectiveness of perimeter security, IT decision-makers expressed lower confidence in their company’s ability to protect data against growing security threats, with the research revealing that:
· Over half (60 per cent) are not confident that data would be secure if unauthorised users penetrated their network’s perimeter security.
· Two-fifths (41 per cent) said they think unauthorised users are able to access their networks.
· One-third (34 per cent) of IT decision makers reported that they have become less confident with the security industry’s ability to detect and defend against emerging security threats.
· One-quarter of IT decision makers (25 per cent) admit that if they were a customer of their organisation, they would not trust the company to store and manage their personal data.
· Over half (53 per cent) suggest that high-profile data breaches in the news have driven their organisation to change their security strategy.
“The research findings reveal some interesting contradictions between the perception and the reality of data security,” said Tsion Gonen, chief strategy officer, SafeNet. “What’s worrying is that so many organisations are still putting all of their eggs in one basket when it comes to data security. Perimeter security technologies are just one layer of protection, but too many companies rely on them as the foundation of their data security strategy when, in reality, the perimeter no longer exists. From the sheer volume of data breaches alone, it’s clear that if a cybercriminal wants to hack the system or steal data, they will find a way to do so. So companies need to focus on what matters most – protecting the data. That means building more intelligent security strategies and using defence-in-depth with multi-factor authentication and placing security directly on the data with encryption.”
About the research
By Vanson Bourne on behalf of SafeNet, it polled more than 1000 individuals across the US, UK, Europe, Middle East and Asia-Pacific. Respondents comprised of security and IT executives from industries including financial services, healthcare, manufacturing, public sector, telecommunications, utilities, retail, construction, insurance, legal and more. The full report can be found at – http://www2.safenet-inc.com/data-security-confidence-index/
