Dubai: Despite the increasing number of data breaches and more than 3.9 billion data records worldwide being lost or stolen since 2013, organisations continue to believe that basic perimeter security technologies are effective against data breaches.
Of the 1,100 IT decision makers surveyed worldwide in Gemalto’s third-annual Data Security Confidence Index, 50 were based in the Middle East. Of these respondents, 94 per cent said that their perimeter security systems (firewall, intrusion detection and prevention systems (IDPS), content filtering, anomaly detection, etc.) were effective at keeping unauthorised users out of their network.
Despite this, 54 per cent said they have suffered from a perimeter security system breach in the past 12 months. Furthermore, 60 per cent believe unauthorised users can access their network and 36 per cent said unauthorised users could access their entire network, in the event of a data breach. “The research shows that there is indeed a big divide between perception and reality when it comes to the effectiveness of perimeter security,” said Sebastien Pavie, regional director for identity and data protection at Gemalto MENA.
He said the days of breach prevention are over, yet many IT organisations continue to rely on perimeter security as the foundation of their “security strategies”. The new reality is that IT professionals need to shift their mindset from breach prevention to breach acceptance and focus more on securing the breach by protecting the data itself and the users accessing the data.
Over the last five years, the Middle Eastern organisations surveyed have incurred a total financial loss of approximately $1.49 million due to system perimeter breaches. Subsequently, the average cost of detecting and fixing these breaches was approximately $35.23 million.
Consequences
Furthermore, organisations suffered from consequences such as delays in getting products and services to the market (56 per cent; decreased customer confidence (38 per cent) and the loss of a new or incremental business opportunity (32 per cent). Despite these breaches, organisations continue to invest in perimeter security versus data protection.
Despite the increased focus on perimeter security, he said the findings show the reality many organisations face when it comes to preventing data breaches. All organisations surveyed in the Middle East – 100 per cent of them – said their organisations experienced a breach at some time over the past five years. This suggests that organisations have not made significant improvements in reducing the number of data breaches despite increased investments in perimeter security. “While companies are confident in the amount of spending and where they are spending it, it’s clear the security protocols they are employing are not living up to expectations. While protecting the perimeter is important, organisations need to come to the realisation that they need a layered approach to security in the event the perimeter is breached,” Pavie said.
By employing tools such as end-to-end encryption and two-factor authentication across the network and the cloud, he said that they can protect the whole organisation and, most importantly, the data.
