Low confidence in breach prevention

Despite increasing numbers of data breaches and the theft and loss of more than 2 billion data records worldwide since 2013, organizations continue to believe perimeter security technologies are effective for data protection.

SafeNet found that nearly three quarters (74%) of IT decision-makers believe that their organization’s firewall is effective at keeping out unauthorized users. Yet, 44% admit that their organization’s firewall has been breached or do not know if it has been breached. In addition, more than 60% are not confident that data would be secure if unauthorized users were able to penetrate their network’s perimeter security.

Despite the increasing number of network breaches and data record losses, businesses are continuing to invest more of their IT budgets in perimeter security and breach prevention technologies versus defense in depth strategies that include strong multi-factor authentication and data encryption.

In the first half of 2014 alone, more than 375 million customer records were stolen, an increase of 31% compared to the same period last year, according to the SafeNet Breach Level Index (BLI).

The research found that 93% of IT decision-makers say that their organizations’ investments in perimeter security has either increased or stayed the same over the past five years, with an average of 9% of IT budget currently spent purchasing, deploying and maintaining firewall technology. For the next twelve months, respondents planned to continue this trend, spending approximately the same amount (9.05%) on firewall technology.

Two thirds of IT decision makers (67%) also admit that they would not decrease spending on perimeter defenses such as firewall technology in favor of other technologies. In fact, if asked to get rid of one method to protect sensitive data, the majority would rather eliminate anomaly detection (49%) or data security measures like encryption (24%) than perimeter security (15%).

Despite a high degree of confidence in effectiveness of perimeter security, IT decision makers expressed lower confidence in their companies’ ability to protect data against growing security threats, with the research revealing that:

  • Over half (60%) are not confident that data would be secure if unauthorized users penetrated their network’s perimeter security.
  • Two-fifths (41%) said they think unauthorized users are able to access their networks.
  • One third (34%) of IT decision makers reported that they have become less confident with the security industry’s ability to detect and defend against emerging security threats
  • One quarter of IT decision makers (25%) admit that if they were a customer of their organization, they would not trust the company to store and manage their personal data.
  • Over half (53%) suggest that high-profile data breaches in the news have driven their organization to change their security strategy.

“The research findings reveal some interesting contradictions between perception and the reality of data security,” said Tsion Gonen, chief strategy officer, SafeNet. “What’s worrying is that so many organisations are still putting all of their eggs in one basket when it comes to data security. Perimeter security technologies are just one layer of protection, but too many companies rely on them as the foundation of their data security strategy when in reality the perimeter no longer exists. From the sheer volume of data breaches alone it’s clear that if a cybercriminal wants to hack the system or steal data, then they will find one way or another to do so. So companies need to focus on what matters most – protecting the data. That means building more intelligent security strategies and using defense-in-depth with multi-factor authentication and placing security directly on the data with encryption.”