The recent report by Gemalto reveals a widening gap emerging between the perception and the reality of perimeter security effectiveness among global IT decision makers. It also shows increasing levels of investment in data protection, despite an exponential growth in the number of data breaches.
According to Gemalto’s Breach Level Index (BLI), the number of global data breaches continues to increase, with more than 1,500 data breaches that led to one billion data records compromised in 2014 alone, a 49 percent increase in data breaches and a 78 percent increase in data records stolen or lost compared to 2013.
Despite this, the DSCI research shows that globally, almost nine out of ten (87 percent) IT decision makers feel their organisation’s perimeter security systems are effective at keeping out unauthorised users. The study shows that IT decision makers are looking to further increase their investment in perimeter security with 64 percent looking to do so in the next 12 months.
In the Middle East, IT decision-makers are planning to spend on an average 6.74 percent of their security budget on perimeter security technology and 13 percent on firewall technology. Interestingly, when thinking of the most recent breaches, the average amount of breached data protected by encryption was below 3 percent, highlighting the need for a more robust data protection strategy.
According to Sebastien Pavie, Regional Sales Director, MEA, SafeNet, the number of sophisticated breaches on the rise, hence relying on perimeter security systems alone is no longer enough. Traditional security staples such as firewalls and anti-virus should be part of a much greater security strategy. IT decision makers need to take into account that if someone is motivated enough they will breach a network, no matter how well it is protected.
Further into the report, it has been identified that, 26 percent believe unauthorised users are still able to access their networks and a further 20 percent are not confident in the security of their organisation’s data, should a breach occur. In fact, the DSCI survey reveals that as a result of recent high profile breaches, 52 percent of organisations have adjusted their security strategy, but are still focused on perimeter security. Additionally, 91 percent of IT decision makers stated that their investment in perimeter security has increased over the past five years, though 6% admitted that in the past 12 months their company has been victim to a breach, showing the need to approach security differently.
Although high-profile data breaches have driven more than half of the organisations in the Gulf region (52 percent) to adjust their security strategy, 28 percent of the respondents are no more confident than they were this time last year in the security industry’s ability to detect and defend against emerging security threats and a striking 66 percent are less confident than 12 months ago.
As a result of these attacks, 100 percent of the respondents mentioned that they have suffered negative commercial consequences, such as delays in product/service development, decreased employee productivity, decreased customer confidence, and loss of costumers. This highlights the severe consequences of data breaches, which can be damaging both to an organisation’s reputation and bottom line, as well as to customers’ confidence in all industry sectors.
Pavie further underlined that organisations still place too much emphasis on perimeter security, even though it has proven to be ineffective. He advises that decision makers should place greater importance on customer data, and look to adopt a ‘secure the breach’ approach that focuses on securing the data after intruders penetrate the perimeter defenses. Which means that they need to attach security directly to the data itself using multi-factor authentication and data encryption, as well as securely managing encryption keys. That way, if the data is stolen, it is useless.