Are businesses over confident in their cyber security capabilities?

With the number of data breaches increasing and nearly 1.4 billion data records lost or stolen last year, it’s never been more important that businesses have confidence in their cyber security solutions, and understand which technologies best protect them.

For example, the vast majority of IT professionals still believe perimeter security is effective at keeping unauthorised users out of their networks, according to the findings of Gemalto’s latest data security report. On top of this, it also revealed that companies are under investing in technology that adequately protects their business.

>See also: Why insider threats are the next big security challenge

Surveying 1,050 IT decision makers worldwide, 94% believed that perimeter security is quite effective at keeping unauthorised users out of their network. However, 65% are not extremely confident their data would be protected, should their perimeter be breached, a slight decrease on last year (69%). Despite this, nearly six in 10 (59%) organisations report that they believe all their sensitive data is secure.

Perimeter security is the focus, but understanding of technology and data security is lacking

Many businesses are continuing to prioritise perimeter security without realising it is largely ineffective against sophisticated cyber attacks. According to the research findings, 76% said their organisation had increased investment in perimeter security technologies such as firewalls, IDPS, antivirus, content filtering and anomaly detection to protect against external attackers. Despite this investment, two thirds (68%) believe that unauthorised users could access their network, rendering their perimeter security ineffective.

These findings suggest a lack of confidence in the solutions used, especially when over a quarter (28%) of organisations have suffered perimeter security breaches in the past 12 months. The reality of the situation worsens when considering that, on average, only 8% of data breached was encrypted.

>See also: Evolving security operations strategy to fit the cloud

Businesses’ confidence is further undermined by over half of respondents (55%) not knowing where their sensitive data is stored. In addition, over a third of businesses do not encrypt valuable information such as payment (32%) or customer (35%) data. This means that, should the data be stolen, a hacker would have full access to this information, and can use it for crimes including identify theft, financial fraud or ransomware.

“It is clear that there is a divide between organisations’ perceptions of the effectiveness of perimeter security and the reality,” said Jason Hart, vice president and chief technology officer for Data Protection at Gemalto.

“By believing that their data is already secure, businesses are failing to prioritise the measures necessary to protect their data. Businesses need to be aware that hackers are after a company’s most valuable asset – data. It’s important to focus on protecting this resource, otherwise reality will inevitably bite those that fail to do so.”

Most businesses are unprepared for GDPR

This notion is nothing new, but the report found that over half of respondents (53%) believe they will be fully compliant with GDPR by May next year. With less than a year to go, businesses must begin introducing the correct security protocols in their journey to reaching GDPR compliance, including encryption, two-factor authentication and key management strategies.

>See also: Gartner identifies the top technologies for security in 2017

Hart continued, “Investing in cyber security has clearly become more of a focus for businesses in the last 12 months. However, what is of concern is that so few are adequately securing the most vulnerable and crucial data they hold, or even understand where it is stored. This is standing in the way of GDPR compliance, and before long the businesses that don’t improve their cybersecurity will face severe legal, financial and reputational consequences.”

The UK

According to the survey, 96% of UK businesses felt as though their perimeter security is either very (28%) or quite (68%) effective at keeping unauthorised users out of their network.

At the same time, it was revealed that 58% are extremely confident that their data would be secure in the event of a breach – more than all other countries surveyed. However, 46% of UK businesses are only protecting their customers’ data with passwords.

When considering their latest data breaches, an alarming 75% of the data stolen from businesses on average was not encrypted. Worryingly 11% of businesses do not encrypt any of their data

>See also: Cyber security in 2020: boosting protection with traps and tripwires

Joe Pindar, director of Data Protection Product Strategy at Gemalto: “As a security professional, it feels like I’ve been saying forever that basic perimeter security measures are no longer enough. So it’s worrying to see that the UK is continuing to place ultimate faith in these systems, without thinking about what attackers actually want – their data. Without a switch in mentality, and starting to protect the data at its source with robust encryption and two-factor authentication, the UK is like one of the three little pigs. Unfortunately the one sitting in the straw house – not realising that when the time comes, passwords and perimeter security alone will not stand up to attackers.”

 

The UK’s largest conference for tech leadershipTech Leaders Summit, returns on 14 September with 40+ top execs signed up to speak about the challenges and opportunities surrounding the most disruptive innovations facing the enterprise today. Secure your place at this prestigious summit by registering here

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...