Organizations are creating the perfect storm by not implementing security basics

European organizations have a false sense of security when it comes to protecting themselves, with only 68% seeing themselves as vulnerable, down from 86% in 2018, according to Thales.

Problems with implementing security basics

This confidence flies in the face of the findings of the survey of 509 European executives which reveals 52% of organizations were breached or failed a compliance audit in 2019, raising concerns as to why 20% intend to reduce data security spend in the next year.

The findings come as workers across Europe are working from home due to COVID-19, often using personal devices which don’t have the built-in security office systems do, significantly increasing risk to sensitive data.

Across the board, companies are racing to digitally transform and move more applications and data to the cloud; 37% of European countries stated they are aggressively disrupting the markets they participate in or embedding digital capabilities to enable greater enterprise agility.

A key aspect of this transformation is in the cloud becoming the leading data environment. 46% of all data stored by European organizations is now stored in the cloud, and with 43% of that data in the cloud being described as sensitive, it is essential that it is kept safe.

As more sensitive data is stored in cloud environments, however, data security risks increase. This is of particular concern given that 100% of businesses surveyed report that at least some of the sensitive data they are storing in the cloud is not encrypted.

Only 54% of sensitive data in the cloud is protected by encryption and even less (44%) is protected by tokenisation, highlighting the disconnect between the level of investment companies are making into cybersecurity and the increasing threats they face.

Multi-cloud adoption complicates data security

Despite the multitude of threats, businesses feel that the complexity (40%) of their environments is holding their data security capabilities back.

Multi-cloud adoption is the main driver of this complexity; 80% of businesses are using more than one IaaS (Infrastructure as a Service) vendor, whilst 29% have more than 50 SaaS (Software as a Service) applications to manage.

Businesses also identified a lack of budget (30%), staff to manage (28%) and organization buy-in/low priority (25%) as other top blockers.

“Businesses are continuing to race towards digital transformation and many are increasingly reliant on complex cloud environments, without taking a zero-trust approach. Data is more at risk than ever, whilst organizations are unwittingly creating the perfect storm for hackers by not implementing the security basics,” commented Rob Elliss, EMEA Vice President for Data Security solutions at Thales.

“Unfortunately, this will result in increasing problems, particularly in a world where working remotely will be part of the new-normal, unless companies can step up to the plate when it comes to keeping data safe.”

Quantum(fying) the problem

Whilst organizations continue to look at the threat of today, many are starting to turn their attention to peril that the acceleration of computing power, quantum, could bring to them. In fact, 93% respondents are concerned quantum computing will lead to exploits being created that could expose the sensitive data they hold.

What’s more, 69% European organizations expect quantum to affect their cryptographic operations in the next five years.

As a result, most organizations are reacting, with 31% planning to offset quantum computing threats by switching away from static encryption or symmetric cryptography. Furthermore, a similar amount (30%) plans to implement key management that supports quantum safe random number generator.

“It is clear that businesses are aware of evolving threats they face and it’s reassuring to see them acknowledging some of the key steps they need to take – including moving away from static encryption and implementing quantum-proof key management.

“It’s critical, though, that organizations don’t just look at threats years away, but invest in their cybersecurity processes now and see it as an integral part of their digital transformation,” Elliss concluded.