Despite the increasing number of data breaches and more than 3.9 billion data records worldwide being lost or stolen since 2013, organisations continue to believe that basic perimeter security technologies are effective against data breaches. This is one of the many findings of the third-annual Data Security Confidence Index released by Gemalto.
Of the 1,100 IT decision makers surveyed worldwide, 50 were based in the Middle East. Of these respondents 94 percent said their perimeter security systems (firewall, IDPS, AV, content filtering, anomaly detection, etc.) were effective at keeping unauthorised users out of their network. Despite this, 54 percent said they have suffered from a perimeter security system breach in the past 12 months. Furthermore, 60 percent believe unauthorised users can access their network and 36 percent said unauthorised users could access their entire network, in the event of a data breach.
Over the last five years, the Middle Eastern organisations surveyed have incurred a total financial loss of approximately $1,493,590 due to system perimeter breaches. Subsequently, the average cost of detecting and fixing these breaches was approximately $35,232,000. Furthermore, organisations suffered from consequences such as delays in getting products and services to the market (56 percent); decreased customer confidence (38 percent) and the loss of a new or incremental business opportunity (32 percent). Despite these breaches, organisations continue to invest in perimeter security versus data protection.
“This research shows that there is indeed a big divide between perception and reality when it comes to the effectiveness of perimeter security,” said Sebastien Pavie, Regional Director MENA, Identity and Data Protection, Gemalto. “The days of breach prevention are over, yet many IT organisations continue to rely on perimeter security as the foundation of their security strategies. The new reality is that IT professionals need to shift their mindset from breach prevention to breach acceptance and focus more on securing the breach by protecting the data itself and the users accessing the data.”
According to the research findings, 58 percent of IT decision makers said they would adjust their strategies as a result of high profile data breaches and allocate more spending to data security (encryption, fraud detection and/or key management). 52 percent said they had increased spending on perimeter security and believe that their current investments are going to the right security technologies.
Despite the increased focus on perimeter security, the findings show the reality many organisations face when it comes to preventing data breaches. All organisations surveyed in the Middle East – 100 percent of them – said their organisations experienced a breach at some time over the past five years. This suggests that organisations have not made significant improvements in reducing the number of data breaches despite increased investments in perimeter security.
“While companies are confident in the amount of spending and where they are spending it, it’s clear the security protocols they are employing are not living up to expectations. While protecting the perimeter is important, organisations need to come to the realisation that they need a layered approach to security in the event the perimeter is breached. By employing tools such as end-to-end encryption and two-factor authentication across the network and the cloud, they can protect the whole organisation and, most importantly, the data,” concluded Pavie.
