advertisement
Wide gap exists between perception and reality of perimeter security effectiveness
The number of global data breaches continues to increase – according to Gemalto’s Breach Level Index (BLI), more than 1,500…
The number of global data breaches continues to increase – according to Gemalto’s Breach Level Index (BLI), more than 1,500 data breaches led to one billion data records compromised in 2014 alone, a 49 per cent increase in data breaches and a 78 per cent increase in data records stolen or lost compared to 2013. Despite this the DSCI research shows that almost nine out of ten (87 per cent) IT decision makers feel their organization’s perimeter security systems are effective at keeping out unauthorized users. The study shows that IT decision makers are looking to further increase their investment in perimeter security with 64 per cent looking to do so in the next 12 months. Interestingly, when thinking of the most recent breaches, the average amount of breached data protected by encryption was below 8 per cent, highlighting the need for a more robust data protection strategy.
Nevertheless, a third (33 per cent) believe unauthorized users are still able to access their networks and a further 34 per cent are not confident in the security of their organization’s data, should a breach occur. In fact, the DSCI survey reveals that as a result of recent high profile breaches, 71 per cent of organizations have adjusted their security strategy, but are still focused on perimeter security. Adding to the confusion, nearly three quarters of IT decision makers (72 per cent) stated that their investment in perimeter security has increased over the past five years, though 30 per cent admitted that in the past 12 months their company has been victim to a breach, showing the need to approach security differently. Although high-profile data breaches have driven over seven in 10 (71 per cent) organizations to adjust their security strategy, more than three in five (62 per cent) respondents are no more confident than they were this time last year in the security industry’s ability to detect and defend against emerging security threats.
“With the number of sophisticated breaches on the rise, relying on perimeter security systems alone is no longer enough. Traditional security staples such as firewalls and anti-virus should be part of a much greater security strategy. IT decision makers need to take into account that if someone is motivated enough they will breach a network, no matter how well it is protected,” said Tsion Gonen, Vice President of Strategy for Identity and Data Protection at Gemalto.
advertisement
As a result of these attacks, nine out of 10 organizations (90 per cent) suffered negative commercial consequences, including delays in product or service development (31 per cent), decreased employee productivity (30 per cent), decreased customer confidence (28 per cent), and negative press (24 per cent). This highlights the severe consequences of data breaches, which can be damaging both to an organization’s reputation and bottom line, as well as to customers’ confidence in entire industry sectors.
“Organizations still place too much emphasis on perimeter security, even though it has proven to be ineffective”, added Gonen. “Decision makers should place greater importance on customer data, and look to adopt a ‘secure the breach’ approach that focuses on securing the data after intruders penetrate the perimeter defenses. This means they need to attach security directly to the data itself using multi-factor authentication and data encryption, as well as securely managing encryption keys. That way, if the data is stolen, it is useless to the thief.”
The research conducted by Vanson Bourne on behalf of Gemalto polled more than 900 individuals across the U.S., UK, Europe, Middle East and Asia-Pacific. Respondents were comprised of security and IT executives across various verticals, including financial services, healthcare, manufacturing, the public sector, telecommunications, utilities, retail, construction, insurance, legal and more.