BALTIMORE, Oct. 1, 2014 /PRNewswire/ -- Despite increasing numbers of data breaches and the theft and loss of more than 2 billion data records worldwide since 2013, organizations continue to believe perimeter security technologies are effective for data protection, according to new research from SafeNet, Inc., a global leader in data protection.
The 2014 SafeNet Data Security Confidence Index found that nearly three-quarters (74 percent) of IT decision-makers believe that their organization's firewall is effective at keeping out unauthorized users. Yet, nearly half (44 percent) admit that their organization's firewall has been breached or do not know if it has been breached. In addition, more than 60 percent are not confident that data would be secure if unauthorized users were able to penetrate their network's perimeter security.
Security Investments Favor the Perimeter vs. Defense in Depth The survey results illustrate that despite the increasing number of network breaches and data record losses, businesses are continuing to invest more of their IT budgets in perimeter security and breach prevention technologies versus defense-in-depth strategies that include strong multi-factor authentication and data encryption. In the first half of 2014 alone, more than 375 million customer records were stolen, an increase of 31 percent compared to the same period last year, according to the SafeNet Breach Level Index (BLI).
The research found that 93 percent of IT decision-makers say that their organizations' investments in perimeter security has either increased or stayed the same over the past five years, with an average of 9 percent of IT budget currently spent purchasing, deploying, and maintaining firewall technology. For the next twelve months, respondents planned to continue this trend, spending approximately the same amount (9.05 percent) on firewall technology.
Two-thirds of IT decision makers (67 percent) also admit that they would not decrease spending on perimeter defenses, such as firewall technology, in favor of other technologies. In fact, if asked to get rid of one method to protect sensitive data, the majority would eliminate anomaly detection (49 percent) or data security measures like encryption (24 percent) rather than perimeter security (15 percent).
Low Confidence in Breach Prevention and Keeping Cybercriminals Out In addition, despite a high degree of confidence in the effectiveness of perimeter security, IT decision makers expressed lower confidence in their companies' ability to protect data against growing security threats, with the research revealing that:
Over half (60 percent) are not confident that data would be secure if unauthorized users penetrated their network's perimeter security.
Two-fifths (41 percent) said they think unauthorized users are able to access their networks.
One-third (34 percent) of IT decision makers reported that they have become less confident with the security industry's ability to detect and defend against emerging security threats
One-quarter of IT decision makers (25 percent) admit that if they were a customer of their organization, they would not trust the company to store and manage their personal data.
Over half (53 percent) suggest that high-profile data breaches in the news have driven their organization to change their security strategy.
"The research findings reveal some interesting contradictions between the perception and the reality of data security," said Tsion Gonen, chief strategy officer, SafeNet. "What's worrying is that so many organizations are still putting all of their eggs in one basket when it comes to data security. Perimeter security technologies are just one layer of protection, but too many companies rely on them as the foundation of their data security strategy when, in reality, the perimeter no longer exists. From the sheer volume of data breaches alone, it's clear that if a cybercriminal wants to hack the system or steal data, they will find a way to do so. So companies need to focus on what matters most – protecting the data. That means building more intelligent security strategies and using defense-in-depth with multi-factor authentication and placing security directly on the data with encryption."
About the Data Security Confidence Index The research conducted by Vanson Bourne on behalf of SafeNet polled more than 1000 individuals across the U.S., UK, Europe, Middle East and Asia-Pacific. Respondents comprised of security and IT executives from a range of industries, including financial services, healthcare, manufacturing, public sector, telecommunications, utilities, retail, construction, insurance, legal and more. The full report can be found here.
About the Breach Level Index The BLI provides a centralized, global database of data breaches and calculates their severity based on multiple dimensions, including the type of data and the number of records stolen, the source of the breach, and whether or not the data was encrypted. By assigning a severity score to each breach, the BLI provides a comparative list of breaches, distinguishing nuisances from truly impactful mega breaches. Information populating the BLI database is based on publicly available breach disclosure information.
About SafeNet, Inc. Founded in 1983, SafeNet, Inc. is one of the largest information security companies in the world, and is trusted to protect the most sensitive data for market-leading organizations around the globe. SafeNet's data-centric approach focuses on the protection of high-value information throughout its lifecycle, from the data center to the cloud. More than 25,000 customers across commercial enterprises and government agencies trust SafeNet to protect and control access to sensitive data, manage risk, ensure compliance, and secure virtual and cloud environments. Learn more about SafeNet on Twitter, LinkedIn, Facebook, YouTube, and Google+.
Note: Information in the Breach Level Index is collected from public sources. SafeNet provides this information "as-is", makes no representation or guaranties regarding this information, and is not liable for any use. A secure breach is categorized as a breach in which strong encryption, key management, and authentication solutions protect the data from being accessed during an attack.