Perimeter

7/12/2017
11:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Businesses Overconfident on Blocking Hackers, Less Sure of Data Protection

Amsterdam, July 10, 2017 – Despite the increasing number of data breaches and nearly 1.4 billion data records being lost or stolen in 2016 (source: Breach Level Index), the vast majority of IT professionals still believe perimeter security is effective at keeping unauthorized users out of their networks. However, companies are under investing in technology that adequately protects their business, according to the findings of the fourth-annual Data Security Confidence Index released today by Gemalto (Euronext NL0000400653 GTO), the world leader in digital security.

Surveying 1,050 IT decision makers worldwide, businesses feel that perimeter security is keeping them safe, with most (94%) believing that it is quite effective at keeping unauthorized users out of their network. However, 65% are not extremely confident their data would be protected, should their perimeter be breached, a slight decrease on last year (69%). Despite this, nearly six in 10 (59%) organizations report that they believe all their sensitive data is secure.

Perimeter security is the focus, but understanding of technology and data security is lacking

Many businesses are continuing to prioritize perimeter security without realizing it is largely ineffective against sophisticated cyberattacks. According to the research findings, 76% said their organization had increased investment in perimeter security technologies such as firewalls, IDPS, antivirus, content filtering and anomaly detection to protect against external attackers. Despite this investment, two thirds (68%) believe that unauthorized users could access their network, rendering their perimeter security ineffective.

These findings suggest a lack of confidence in the solutions used, especially when over a quarter (28%) of organizations have suffered perimeter security breaches in the past 12 months. The reality of the situation worsens when considering that, on average, only 8% of data breached was encrypted.

Businesses' confidence is further undermined by over half of respondents (55%) not knowing where their sensitive data is stored. In addition, over a third of businesses do not encrypt valuable information such as payment (32%) or customer (35%) data. This means that, should the data be stolen, a hacker would have full access to this information, and can use it for crimes including identify theft, financial fraud or ransomware.

"It is clear that there is a divide between organizations' perceptions of the effectiveness of perimeter security and the reality," said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. "By believing that their data is already secure, businesses are failing to prioritize the measures necessary to protect their data. Businesses need to be aware that hackers are after a company's most valuable asset – data. It's important to focus on protecting this resource, otherwise reality will inevitably bite those that fail to do so."

Most Businesses are unprepared for GDPR

With the General Data Protection Regulation (GDPR) becoming enforceable in May 2018, businesses must understand how to comply by properly securing personal data to avoid the risk of administrative fines and reputational damage. However, over half of respondents (53%) say they do not believe they will be fully compliant with GDPR by May next year. With less than a year to go, businesses must begin introducing the correct security protocols in their journey to reaching GDPR compliance, including encryption, two-factor authentication and key management strategies.

Hart continues, "Investing in cybersecurity has clearly become more of a focus for businesses in the last 12 months. However, what is of concern is that so few are adequately securing the most vulnerable and crucial data they hold, or even understand where it is stored. This is standing in the way of GDPR compliance, and before long the businesses that don't improve their cybersecurity will face severe legal, financial and reputational consequences."

About the survey

Independent technology market research specialist Vanson Bourne surveyed 1,050 IT decision makers across the US, UK, France, Germany, India, Japan, Australia, Brazil, Benelux the Middle East and South Africa on behalf of Gemalto. The sample was split between Manufacturing, Healthcare, Financial Services, Government, Telecoms, Retail, Utilities, Consultation and Real Estate, Insurance and Legal, IT and other sectors from organizations with 250 to more than 5,000 employees.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
How Data Breaches Affect the Enterprise
How Data Breaches Affect the Enterprise
This report, offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future. Read the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17182
PUBLISHED: 2018-09-19
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations...
CVE-2018-17144
PUBLISHED: 2018-09-19
Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.
CVE-2017-3912
PUBLISHED: 2018-09-18
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.
CVE-2018-6690
PUBLISHED: 2018-09-18
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.
CVE-2018-6693
PUBLISHED: 2018-09-18
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escal...