Study Suggests Differences Between Security Perceptions, Reality

Newer technologies considered more effective than traditional standbys; many don't know whether their organization has been breached

Tim Wilson, Editor in Chief, Dark Reading, Contributor

September 16, 2010

Sometimes, conventional wisdom isn't so wise.

That's a conclusion that might be drawn from a survey published yesterday by security consultancy Securosis and security tool vendor Imperva. The Web-based study of 1,100 professionals suggests there are some differences between perception and reality when it comes to security controls.

For example, Web application firewalls were ranked among the five top-rated technologies for reducing the number of data breach incidents. Other highly ranked technologies included network data loss prevention, full drive encryption, server/endpoint hardening, and endpoint data loss prevention.

Interestingly, these tools that were ranked most effective are not always considered "standard" issue when outfitting an enterprise network, as firewalls or antivirus tools might be.

"This data indicates that in order to mitigate current threats, you need a very different set of technology than you would have used two years ago," says Amichai Shulman, CTO and co-founder of Imperva.

Conversely, some tools that have a poor reputation for effectiveness may still be essential to enterprise defenses, Shulman observes. For example, email filtering, which ranked among the least effective tools by perception, was ranked among the most effective technologies in actually reducing the number of security incidents in the enterprise.

"There are many complaints about email filters, but in the end they are very effective," Shulman says.

The study also notes some disparities between the common perception that security breaches are on the rise and the reality of breach incidence.

"Nearly two-thirds of organizations either didn't know if they suffered any data breach incidents, or stated that they didn't experience any," the survey says. "Of those that did, 46 percent saw a decline in breaches, while 27 percent reported the same number of breaches from the previous year."

Among respondents who knew of data breaches in their own organizations, 62 percent said malicious intentions were behind them. Insider breaches comprised 33 percent of incidents, hackers comprised 29 percent, and the remaining breaches were accidental.

"The accidental breaches are still often overlooked," Shulman says. "Usually, when we talk about security we think of hackers and criminals. That's the perception, when in fact, negligence and incompetence often are major factors in data loss."

About the Author(s)

Tim Wilson, Editor in Chief, Dark Reading


Tim Wilson is Editor in Chief and co-founder of Dark Reading, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers, conducted by the SANS Institute. In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media.
