Despite the increasing number of data breaches and nearly 1.4 billion data records being lost or stolen in 2016, the vast majority of IT professionals still believe perimeter security is effective at keeping unauthorised users out of their networks.
However, companies are under-investing in technology that adequately protects their business, according to the findings of the fourth-annual Data Security Confidence Index released by Gemalto.
Surveying 1,050 IT decision makers worldwide, businesses feel that perimeter security is keeping them safe, with most (94 per cent) believing that it is quite effective at keeping unauthorised users out of their network. However, 65 per cent are not extremely confident their data would be protected, should their perimeter be breached, a slight decrease on last year (69 per cent). Despite this, nearly six in 10 (59 per cent) organisations report that they believe all their sensitive data is secure.
Perimeter security is the focus, but understanding of technology and data security is lacking
Many businesses are continuing to prioritise perimeter security without realising it is largely ineffective against sophisticated cyberattacks. According to the research findings, 76 per cent said their organisation had increased investment in perimeter security technologies such as firewalls, IDPS, antivirus, content filtering and anomaly detection to protect against external attackers. Despite this investment, two-thirds (68 per cent) believe that unauthorised users could access their network, rendering their perimeter security ineffective.
These findings suggest a lack of confidence in the solutions used, especially when over a quarter (28 per cent) of organisations have suffered perimeter security breaches in the past 12 months. The reality of the situation worsens when considering that, on average, only 8 pere cent of data breached was encrypted.
Businesses’ confidence is further undermined by over half of respondents (55 per cent) not knowing where their sensitive data is stored. In addition, over a third of businesses do not encrypt valuable information such as payment (32 per cent) or customer (35 per cetn) data. This means that, should the data be stolen, a hacker would have full access to this information, and can use it for crimes including identify theft, financial fraud or ransomware.
“It is clear that there is a divide between organisations’ perceptions of the effectiveness of perimeter security and the reality,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. “By believing that their data is already secure, businesses are failing to prioritise the measures necessary to protect their data. Businesses need to be aware that hackers are after a company’s most valuable asset – data. It’s important to focus on protecting this resource, otherwise reality will inevitably bite those that fail to do so.”
Most Businesses are unprepared for GDPR
With the General Data Protection Regulation (GDPR) becoming enforceable in May 2018, businesses must understand how to comply by properly securing personal data to avoid the risk of administrative fines and reputational damage. However, over half of respondents (53 per cent) say they do not believe they will be fully compliant with GDPR by May next year. With less than a year to go, businesses must begin introducing the correct security protocols in their journey to reaching GDPR compliance, including encryption, two-factor authentication and key management strategies.
Hart continues, “Investing in cybersecurity has clearly become more of a focus for businesses in the last 12 months. However, what is of concern is that so few are adequately securing the most vulnerable and crucial data they hold, or even understand where it is stored. This is standing in the way of GDPR compliance, and before long the businesses that don’t improve their cybersecurity will face severe legal, financial and reputational consequences.”
The GDPR Summit London, the UK’s largest GDR Conference, is being held on January 30th. This one-day deep-dive event will explore the effects of the General Data Protection Regulation on business critical processes. Click here to learn more.