Despite an increasing number of data breaches and more than 3,9-billion data records worldwide being lost or stolen since 2013, organisations continue to believe perimeter security technologies are effective against data breaches.
This is one of the many findings of the third annual Data Security Confidence Index by Gemalto, which reports that 61% the 1 100 IT decision makers surveyed worldwide said their perimeter security systems (including firewall, IDPS, AV, content filtering, anomaly detection) were very effective at keeping unauthorised users out of their network.
However, 69% said they are not confident their organisation’s data would be secure if their perimeter security was breached. This is up from 66% in 2015 and 59% in 2014.
Furthermore, 66% believe unauthorised users can access their network and nearly two in five (16%) said unauthorised users could access their entire network.
“This research shows that there is indeed a big divide between perception and reality when it comes to the effectiveness of perimeter security,” says Jason Hart, vice-president and chief technology officer for data protection at Gemalto. “The days of breach prevention are over, yet many IT organisations continue to rely on perimeter security as the foundation of their security strategies.
“The new reality is that IT professionals need to shift their mindset from breach prevention to breach acceptance, and focus more on securing the breach by protecting the data itself and the users accessing the data.”
Neil Cosser, identity and data protection manager for Africa at Gemalto, adds: “Many businesses, including those in South Africa, typically respond to increased data security threats by shoring up their perimeter defences. But, if history has taught us anything, it’s that walls are eventually breached and made obsolete.
“With a number of high profile breaches making news headlines recently, we’re starting to see many IT professionals realise that the key is to have a multi-layered security approach, providing security at the edge and at the core though encryption.”
According to the research findings, 78% of IT decision-makers said they had adjusted their strategies as a result of high profile data breaches, up from 71% in 2015 and up 53% in 2014. Meanwhile, 86% said they had increased spending on perimeter security and 85% believe that their current investments are going to the right security technologies.
Despite the increased focus on perimeter security, the findings show the reality many organisations face when it comes to preventing data breaches: 64% of those surveyed said their organisations experienced a breach at some time over the past five years; more than a quarter (27%) said they experienced a breach in the past 12 months, with a similar number of IT decision-makers (30%) reporting the same frequency in 2015.
This suggests that organisations have not made significant improvements in reducing the number of data breaches despite increased investments in perimeter security.
“While companies are confident in the amount of spending and where they are spending it, it’s clear the security protocols they are employing are not living up to expectations,” says Hart. “While protecting the perimeter is important, organisations need to come to the realisation that they need a layered approach to security in the event the perimeter is breached.
“By employing tools such as end-to-end encryption and two-factor authentication across the network and the cloud, they can protect the whole organisation and, most importantly, the data.”
