Organizations need to change mindset from breach prevention to breach acceptance
- Published: Thursday, 09 June 2016 07:25
Despite the increasing number of data breaches and more than 3.9 billion data records worldwide being lost or stolen since 2013, organizations continue to believe that perimeter security technologies are effective against data breaches. This is one of the many findings of the third-annual Data Security Confidence Index released by Gemalto.
Of the 1,100 IT decision makers surveyed worldwide, 61 percent said their perimeter security systems (firewall, IDPS, AV, content filtering, anomaly detection, etc.) were very effective at keeping unauthorized users out of their network. However, 69 percent said they are not confident their organization's data would be secure if their perimeter security was breached. This is up from 66 percent in 2015 and 59 percent in 2014. Furthermore, 66 percent believe unauthorized users can access their network and nearly two in five (16 percent) said unauthorized users could access their entire network.
"This research shows that there is indeed a big divide between perception and reality when it comes to the effectiveness of perimeter security," said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. "The days of breach prevention are over, yet many IT organizations continue to rely on perimeter security as the foundation of their security strategies. The new reality is that IT professionals need to shift their mindset from breach prevention to breach acceptance and focus more on securing the breach by protecting the data itself and the users accessing the data."
Perimeter security is a focus, but not a panacea for data breaches
According to the research findings, 78 percent of IT decision makers said they had adjusted their strategies as a result of high profile data breaches, up from 71 percent in 2015. 86 percent said they had increased spending on perimeter security and 85 percent believe that their current investments are going to the right security technologies.
Despite the increased focus on perimeter security, the findings show the reality many organizations face when it comes to preventing data breaches. 64 percent of those surveyed said their organizations experienced a breach at some time over the past five years. More than a quarter (27 percent) said they experienced a breach in the past 12 months, with a similar number of IT decision makers (30 percent) reporting the same frequency in 2015. This suggests that organizations have not made significant improvements in reducing the number of data breaches despite increased investments in perimeter security.
"While companies are confident in the amount of spending and where they are spending it, it's clear the security protocols they are employing are not living up to expectations. While protecting the perimeter is important, organizations need to come to the realization that they need a layered approach to security in the event the perimeter is breached. By employing tools such as end-to-end encryption and two-factor authentication across the network and the cloud, they can protect the whole organization and, most importantly, the data," concluded Hart.
About the survey
Independent technology market research specialist Vanson Bourne surveyed 1,100 IT decision makers across the US, UK, France, Germany, Russia, India, Japan, Australia, Brazil, Benelux and the Middle East on behalf of Gemalto. The sample was split between Manufacturing, Healthcare, Financial Services, Government, Telecoms, Retail, Utilities, Consultation and Real Estate, Insurance and Legal, organizations with 250 to more than 5,000 employees.
To download the entire report, click here.