AMSTERDAM - Despite the increasing number of data breaches and nearly 1.4 billion data records being lost or stolen in 2016 (source: Breach Level Index), the vast majority of IT professionals still believe perimeter security is effective at keeping unauthorized users out of their networks. However, companies are under investing in technology that adequately protects their business, according to the findings of the fourth-annual Data Security Confidence Index released today by Gemalto, the world leader in digital security.
Surveying 1,050 IT decision makers worldwide, businesses feel that perimeter security is keeping them safe, with most (94%) believing that it is quite effective at keeping unauthorized users out of their network. However, 65% are not extremely confident their data would be protected, should their perimeter be breached, a slight decrease on last year (69%). Despite this, nearly six in 10 (59%) organizations report that they believe all their sensitive data is secure.
Perimeter security is the focus, but understanding of technology and data security is lacking
Many businesses are continuing to prioritize perimeter security without realizing it is largely ineffective against sophisticated cyberattacks. According to the research findings, 76% said their organization had increased investment in perimeter security technologies such as firewalls, IDPS, antivirus, content filtering and anomaly detection to protect against external attackers. Despite this investment, two thirds (68%) believe that unauthorized users could access their network, rendering their perimeter security ineffective.
These findings suggest a lack of confidence in the solutions used, especially when over a quarter (28%) of organizations have suffered perimeter security breaches in the past 12 months. The reality of the situation worsens when considering that, on average, only 8% of data breached was encrypted.
Businesses' confidence is further undermined by over half of respondents (55%) not knowing where their sensitive data is stored. In addition, over a third of businesses do not encrypt valuable information such as payment (32%) or customer (35%) data. This means that, should the data be stolen, a hacker would have full access to this information, and can use it for crimes including identify theft, financial fraud or ransomware.
"It is clear that there is a divide between organizations' perceptions of the effectiveness of perimeter security and the reality," said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. "By believing that their data is already secure, businesses are failing to prioritize the measures necessary to protect their data. Businesses need to be aware that hackers are after a company's most valuable asset - data. It's important to focus on protecting this resource, otherwise reality will inevitably bite those that fail to do so."
Most Businesses are unprepared for GDPR
With the General Data Protection Regulation (GDPR) becoming enforceable in May 2018, businesses must understand how to comply by properly securing personal data to avoid the risk of administrative fines and reputational damage. However, over half of respondents (53%) say they do not believe they will be fully compliant with GDPR by May next year. With less than a year to go, businesses must begin introducing the correct security protocols in their journey to reaching GDPR compliance, including encryption, two-factor authentication and key management strategies.
Hart continues, "Investing in cybersecurity has clearly become more of a focus for businesses in the last 12 months. However, what is of concern is that so few are adequately securing the most vulnerable and crucial data they hold, or even understand where it is stored. This is standing in the way of GDPR compliance, and before long the businesses that don't improve their cybersecurity will face severe legal, financial and reputational consequences."
About the survey
Independent technology market research specialist Vanson Bourne surveyed 1,050 IT decision makers across the US, UK, France, Germany, India, Japan, Australia, Brazil, Benelux the Middle East and South Africa on behalf of Gemalto. The sample was split between Manufacturing, Healthcare, Financial Services, Government, Telecoms, Retail, Utilities, Consultation and Real Estate, Insurance and Legal, IT and other sectors from organizations with 250 to more than 5,000 employees.
Gemalto (Euronext NL0000400653 GTO) is the global leader in digital security, with 2016 annual revenues of EUR 3.1 billion and customers in over 180 countries. We bring trust to an increasingly connected world.
From secure software to biometrics and encryption, our technologies and services enable businesses and governments to authenticate identities and protect data so they stay safe and enable services in personal devices, connected objects, the cloud and in between.
Gemalto's solutions are at the heart of modern life, from payment to enterprise security and the internet of things. We authenticate people, transactions and objects, encrypt data and create value for software - enabling our clients to deliver secure digital services for billions of individuals and things.
Our 15,000+ employees operate out of 112 offices, 43 personalization and data centers, and 30 research and software development centers located in 48 countries.
For more information visit www.gemalto.com, or follow @gemalto on Twitter.
Gemalto media contacts:
Shintaro Suzuki, Asia Pacific, +65 6317 8266, firstname.lastname@example.org
Why nation-state attacks are everyone’s problem
Hear from Invictus Games Sydney 2019 CEO, Patrick Kidd OBE and Head of Technology, @James-d-smith -share their insights on how they partnered with Unisys to protect critical data over an open, public WiFi solution.
With so much change all the time, how can executives best prepare their businesses to meet the security challenges of the coming years? CSO Australia, in conjunction with Mimecast, explored this question in an interactive Webinar that looks at how the threat landscape has evolved – and what we can expect in 2019 and beyond.
An interview with CSO's David Braue and Ian Yip, Chief Technology Officer, McAffee.
According to new research conducted by the Ponemon Institute, Australia and New Zealand have the highest levels of data breaches out of the nine countries investigated. This was linked to heavy investment in security detection and an under-investment in security and vulnerability response capabilities