This became abundantly clear when more than 74 percent of respondents indicated that while they believe network perimeter defenses are effective at keeping unauthorized users out, 31 percent of those same respondents acknowledged that their network perimeter defenses have been breached in the past.
What is more concerning is that 20 percent said they were not even certain whether or not they had been breached, indicating that the respondents may not have the right technologies in place to detect whether an internal or external security breach has occurred. The security breach survey results raise numerous questions as to whether the enterprise has the sufficient data protection technology to record accurate audit trails, enforce compliance, and maintain control of their data, whether it is on premise or in a cloud or virtual environment.
Ninety-five percent of respondents state that they have either maintained or increased their investment in network perimeter security. However, more than half (55 percent) of those respondents felt that their company was not spending enough on security. These statistics appear contradictory, but in questioning the respondents further, it became clear that current threat mitigation technologies are undermining confidence in the entire industry that supplies them.
When asked if they were confident in the security industry’s ability to detect or prevent security breaches, only 19 percent were confident, 49 percent remained unconvinced that the industry can thwart current threats, and 33 percent have become less confident in its ability to do so.
Investments in network perimeter technologies continue to rise even in the face of a growing data breach epidemic, which they have failed to adequately address.
When asked if the recent spate of security breaches caused respondents to rethink their security strategies, more than half (52 percent) stated that high-profile data breaches have indeed caused them to adjust their data security strategies. However, when survey respondents were asked if they believe a security breach could happen, over 65 percent believe they will suffer a data breach within the next three years.
In addition, 35 percent of the survey respondents admitted that they believe their company is investing in the wrong security technologies and, as a result, when asked if their data would remain secure if the perimeter was breached, over 59 percent said that their data would not be safe.
As budgets remain tight, security officials are confronted with how best to allocate their resources to ensure the security of their high-value data in an increasingly perimeter-free world.
The data breach survey results further underscore the difficulties security professionals face in identifying the technologies that will keep their data safe as that data transitions from the datacenter to the cloud.
Dave Hansen, President and CEO, SafeNet, stated, “While the overall IT and threat landscape has dramatically changed over the past several years, the security industry has been slow to adapt to those changes. Today’s threat landscape demands a mindset that moves beyond attempting to achieve absolute breach prevention. Organizations must accept that a breach will happen and implement strategies such as encryption that secure the breach by making the data useless to anyone but its rightful owner. Threats to vital infrastructure and high-value data have outgrown traditional breach prevention strategies, such as network perimeter security and anti-malware, and it is clear that maintaining the same approach of years past is antiquated and dangerous. As an industry, we know what needs to be done, and the time for change and action is now.”
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.