A majority of IT professionals believe perimeter security is sufficient to ward off hackers even though 28 percent of organisations have suffered perimeter security breaches in the past 12 months.
Organisations are investing a lot more in perimeter security than in encryption, thus rendering their systems vulnerable to sophisticated attacks.
A survey of 1,050 IT professionals by digital security firm Gemalto has revealed organisations' approach to cyber security and how they choose to invest their money in guarding against sophisticated cyber-attacks and unauthorised access to sensitive data.
The survey revealed that an overwhelming majority (94%) of IT professionals in the United States, UK, Germany, India and Japan feel perimeter security is either very or somewhat sufficient at keeping unauthorised users out of their network. As such, enterprise investment in solutions like firewalls, IDPS, antivirus, content filtering and anomaly detection is a lot more than in more effective solutions like end-to-end encryption and two-factor authentication.
The survey noted that despite pouring in so much money, 68 percent of IT professionals still believe that unauthorised users could access their network, rendering their perimeter security ineffective.
The latter belief has more merit considering that over one in four of all organisations suffered perimeter security breaches in the past 12 months. At the same time, lack of encryption has also rendered their data more vulnerable to cyber attacks. 92% of all data breached in the past 12 months was not encrypted and in the UK alone, 46% of businesses are only protecting their customers’ data with passwords.
“As a security professional, it feels like I’ve been saying forever that basic perimeter security measures are no longer enough. So it’s worrying to see that the UK is continuing to place ultimate faith in these systems, without thinking about what attackers actually want – their data,” says Joe Pindar, Director of Data Protection Product Strategy at Gemalto.
“Without a switch in mentality, and starting to protect the data at its source with robust encryption and two-factor authentication, the UK is like one of the three little pigs. Unfortunately the one sitting in the straw house – not realising that when the time comes, passwords and perimeter security alone will not stand up to attackers,” he adds.
The survey further revealed that more than half of all businesses do not know where their sensitive data is stored, 32% of them do not encrypt payment information, and 35% of them do not encrypt customer details. This means that in the event of a cyber-attack, hackers will be able to gain full access to such sensitive details. In the UK, 11% of all businesses do not encrypt any of their data, which explains why they regularly suffer from identity theft, financial fraud or ransomware.
Gemalto notes that in order to comply with provisions of the GDPR, which will come into effect in less than a year from now, organisations will have to implement the correct security protocols like encryption, two-factor authentication, and key management strategies.
“Investing in cybersecurity has clearly become more of a focus for businesses in the last 12 months. However, what is of concern is that so few are adequately securing the most vulnerable and crucial data they hold, or even understand where it is stored. This is standing in the way of GDPR compliance, and before long the businesses that don’t improve their cybersecurity will face severe legal, financial and reputational consequences,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto.