Produced through surveying 1,050 IT decision makers worldwide, the index found that 94 per cent believe that perimeter security is quite effective at keeping unauthorised users out of their network. However, 65 per cent are not extremely confident their data would be protected, should their perimeter be breached, a slight decrease on last year’s 69 per cent. Despite this, nearly six in 10 organisations report that they believe all their sensitive data is secure.
The research also found that while 76 per cent of those surveyed said that they had increased investment in perimeter security technologies such as firewalls, IDPS, antivirus, content filtering and anomaly detection to protect against external attackers, two-thirds (68 per cent) still believe that unauthorised users could access their network, rendering their perimeter security ineffective.
Troublingly, 55 per cent of respondents said that that they do not know where their sensitive data is stored, while roughly a third of businesses do not encrypt payment (32 per cent) or customer (35 per cent) data. Should it be stolen, a hacker would be able to use it to commit identify theft, financial fraud or ransom it back to the owner.
"It is clear that there is a divide between organizations' perceptions of the effectiveness of perimeter security and the reality," said Jason Hart, vice president and chief technology officer for data protection at Gemalto. "By believing that their data is already secure, businesses are failing to prioritize the measures necessary to protect their data. Businesses need to be aware that hackers are after a company's most valuable asset - data. It's important to focus on protecting this resource, otherwise reality will inevitably bite those that fail to do so."
Over half of respondents (53 per cent) said that they do not believe that they will be compliant with the General Data Protection Regulation (GDPR) by the time it comes into force (May 2018) – putting them at risk of fines and reputational damage. To avoid this they need to introduce the correct security protocols including the use of encryption, two-factor authentication and key management strategies.
Hart continues, "Investing in cybersecurity has clearly become more of a focus for businesses in the last 12 months. However, what is of concern is that so few are adequately securing the most vulnerable and crucial data they hold, or even understand where it is stored. This is standing in the way of GDPR compliance, and before long the businesses that don't improve their cybersecurity will face severe legal, financial and reputational consequences."
The Data Security Confidence Index can be downloaded here