IT departments don't trust their own security choices

More than half (59%) said that if a network perimeter breach were to occur, their high-value data would not be safe. The consensus? Threats to vital infrastructure and high-value data have outgrown traditional breach prevention strategies, such as network perimeter security and anti-malware.

“While the overall IT and threat landscape has dramatically changed over the past several years, the security industry has been slow to adapt to those changes,” said Dave Hansen, president and CEO at SafeNet, which carried out the survey. “Today’s threat landscape demands a mindset that moves beyond attempting to achieve absolute breach prevention. Organizations must accept that a breach will happen and implement strategies such as encryption that secure the breach by making the data useless to anyone but its rightful owner.”

The questioning also turned up the fact that 66% of security professionals believe that they will suffer a data breach within the next three years. When asked if they were confident in the security industry’s ability to detect or prevent security breaches, only 19% were confident, 49% remained unconvinced that the industry can thwart current threats, and 33% have become less confident in its ability to do so.

Despite a lack of confidence, there also seems to be a fair amount of entropy. One out of three (35%) security professionals surveyed stated that their security investments are being deployed to the wrong technologies – but even so, 95% continue to invest in and employ the same data security strategies.

“The good news is that this phase of insanity and denial cannot continue for long,” said Tsion Gonen, SafeNet chief strategy officer, in a blog. "The bad news, though, is that the denial will only end because breaches will become too catastrophic to ignore. What we should be thinking about is life in a post-breach prevention world, an era I call 'breach acceptance.'”

He added, "In this modern era, organizations will move beyond relying solely on breach prevention approaches and will accept that a breach will happen, and then apply tactics and technologies to mitigate the impact of that breach.”

SafeNet postulates that existing threat mitigation technologies are undermining confidence in the entire industry. When asked if the recent spate of security breaches caused respondents to rethink their security strategies, more than half (52%) stated that high-profile data breaches have indeed caused them to adjust their data security strategies. However, when survey respondents were asked if they believe a security breach could happen, over 65% believe they will suffer a data breach within the next three years.

“This became abundantly clear when more than 74% of respondents indicated that while they believe network perimeter defenses are effective at keeping unauthorized users out, 31% of those same respondents acknowledged that their network perimeter defenses have been breached in the past,” SafeNet noted in the report. “What is more concerning is that 20% said they were not even certain whether or not they had been breached, indicating that the respondents may not have the right technologies in place to detect whether an internal or external security breach has occurred.”

“It is clear that maintaining the same approach of years past is antiquated and dangerous,” Hansen said. “As an industry, we know what needs to be done, and the time for change and action is now.”

What’s hot on Infosecurity Magazine?