In its third annual global IT security survey, Versasec found Europe’s General Data Protection Regulation (GDPR) is impacting security planning around the world, smart card deployment is on the rise, and that many companies continue to rely on the inadequate protection offered by user names and passwords alone.
These results and more came from IT and security professionals in EMEA, North America and Asia/Pacific regions. The survey showed that users remained consistent year-over-year in what they believe are their greatest security challenges: mobile, BYOD, and cloud usage.
GDPR is impacting security strategy
For more than half of the respondents, the GDPR which goes into effect in May 2018, is weighing heavily into their current security strategy decisions, with that number climbing to nearly 70% for EMEA-based companies.
Even in other regions, the GDPR will be impactful, according to nearly one in three North American-based respondents, and more than half of the respondents from the Asia/Pacific region.
In the 2018 survey, nearly 60% of the respondents said they will spend up to 24% of their technology budgets on security this year; 18% said they would spend as much as 49% of their budgets on it; and nearly 25% said more than half of their budget will be spent on security. That compares with 15% in the 2017 survey who said they would spend more than 50% of their IT budgets on security.
Internal security threats
Also telling in 2018 is that companies believe their internal security threats have dropped, possibly due to added technologies such as identity and access management. For 2018, the internal threat was of greater concern to 35% of respondents, while 65% said external threats are their biggest worry. In last year’s study, those worried about internal threats accounted for 44% of respondents.
Other key findings
Other key findings of the study, which polled information technologists in a broad range of industries, included the following:
- When asked what security methods they would implement in 2018, identity and access management was the top item, at nearly 52%, followed by network security (47%), cybersecurity (43%), cloud security (37%), encryption (34%), endpoint security (33%), multifactor ID (32%) and physical security (25 percent).
- As in both prior year surveys, user name and password authentication remains the top means for securing identities, with 89% of respondents citing this method. Second to passwords are smart cards, which were cited by 57% of respondents. Other methods in use include PKI (42%); one-time passwords (37%), biometrics (18%) and virtual smart cards (13%).
- The good news is that many companies say they will deploy stronger authentication methods this year, including smart cards (47%); biometrics (36%); virtual smart cards (26%); and PKI (23%). Despite their inherent risks, some companies still plan to deploy user name and password solutions (29%) and one-time passwords (17%).
- Nearly 60% of the respondents in the 2018 poll said they will spend up to 24% of their 2018 IT budgets on IT security, and another 18% said they would spend as much as 49% of their budgets on it.
- The 2018 poll reached industries including government agencies, and financial services, technology, retail, manufacturing and healthcare companies.
Joakim Thorén, Versasec CEO, says he is encouraged that more companies are looking at and deploying physical and virtual smart cards to ensure their data safety. “When it comes to cost-effective solutions for securing a company’s precious assets, virtual and physical smart cards make perfect sense. They are easy to manage and make it possible to protect data from human error – whether benign or malicious – where breaches are most often made.”