Organizations Are Deeply Conflicted About Data Protection

Confusion and shaky confidence rules the day for most organizations when it comes to protecting their critical data, as 44% of them admit their firewall has been breached, or don’t know if it has.

According to the 2014 SafeNet Data Security Confidence Index, there seems to be a lack of consensus when it comes to cybersecurity readiness. About three-quarters of IT decision-makers (74%) believe their organization’s firewall is effective at keeping out unauthorized users. Yet, 41% believe unauthorised users are able to access their networks.

And while around half (53%) suggest that high-profile data breaches in the news have driven their organization to change their security strategy, and the majority said that they plan to invest the same amount in perimeter security this year. But, 60% of them said that they are not confident that data would be secure if unauthorized users penetrated their network’s perimeter security. One-third (34%) of IT decision makers reported that they have become less confident with the security industry’s ability to detect and defend against emerging security threats.

And in fact, one quarter of IT decision makers (25%) admit that if they were a customer of their organization, they would not trust the company to store and manage their personal data.

“The research findings reveal some interesting contradictions between the perception and the reality of data security,” said Tsion Gonen, chief strategy officer at SafeNet, in a statement.

SafeNet estimates that there has been theft and loss of more than 2 billion data records worldwide since 2013. In the first half of 2014 alone, more than 375 million customer records were stolen, an increase of 31% compared to the same period last year.

“From the sheer volume of data breaches alone, it’s clear that if a cybercriminal wants to hack the system or steal data, they will find a way to do so. So companies need to focus on what matters most – protecting the data,” Gonen said. “That means building more intelligent security strategies and using defence-in-depth with multi-factor authentication and placing security directly on the data with encryption.”

Despite the clear indications that existing approaches may need to be overhauled, the survey results illustrate that organizations continue to believe perimeter security technologies are effective for data protection, rather than investing in defense-in-depth strategies.

The research found that 93% of IT decision-makers say that their organization’s investments in perimeter security has either increased or stayed the same over the past five years, with an average of 9% of IT budget being currently spent purchasing, deploying and maintaining firewall technology. For the next 12 months, respondents planned to continue this trend, spending approximately the same amount (9.05%) on firewalls.

Two-thirds of IT decision makers (67%) also admit that they would not decrease spending on perimeter defenses, such as firewall technology, in favor of other technologies. In fact, if asked to get rid of one method to protect sensitive data, the majority would eliminate anomaly detection (49%) or data security measures like encryption (24%) rather than perimeter security (15%).

“What’s worrying is that so many organizations are still putting all of their eggs in one basket when it comes to data security,” Gonen said. “Perimeter security technologies are just one layer of protection, but too many companies rely on them as the foundation of their data security strategy when, in reality, the perimeter no longer exists.”

What’s Hot on Infosecurity Magazine?