IT executives have unrealistic expectations of their perimeter security measures (firewall, IDPS, AV, content filtering, anomaly detection), Gemalto study says. Although 3.9 billion data records have been stolen or went missing since 2013, IT professionals feel their current security infrastructure is good enough to fend off a data breach.
“While data security (encryption, fraud detection and/or key management) and perimeter security (IDPS, AV, content filtering, anomaly detection) remain in widespread use (82% and 81% respectively), identity and access control (user-authentication) is now being used by two thirds (66%) of respondents’ organizations,” analysts said.
Of the 1,100 respondents, around 76% were more willing to invest resources to safeguard their customers’ data than to keep their intellectual property safe. Most IT decision makers in the study have seen increased investment in perimeter security in their organizations in the past five years.
Gemalto’s Data Security Confidence Index (DSCI) found one third of companies have suffered a hack in the past year. According to the research, 11% of respondents did not trust their companies with keeping their data safe, while 66% believed it would be easy for a hacker to access their organization’s network. Overall, research shows organizations have understood the risks they are exposed to and have increased investments, yet they haven’t been very successful at reducing the number of hacks.
“This research shows that there is indeed a big divide between perception and reality when it comes to the effectiveness of perimeter security,” said Jason Hart, VP and CTO for Data Protection at Gemalto. “The days of breach prevention are over, yet many IT organizations continue to rely on perimeter security as the foundation of their security strategies. The new reality is that IT professionals need to shift their mindset from breach prevention to breach acceptance and focus more on securing the breach by protecting the data itself and the users accessing the data.”
Gemalto analysts urge attention to the importance of immediately implementing end-to-end encryption and two-factor authentication for their infrastructure and cloud to keep their data safe, as a layered approach is more suitable for organizations today.