Despite the increasing number of data breaches, many companies are still relying on perimeter defences and are underinvesting in technologies to keep data safe.
Some 96% of UK businesses feel as though their network perimeter security is effective at keeping unauthorised users out of their network, according to the fourth-annual Gemalto Data Security Confidence Index.
The global ransomware attack in May 2017 affected more than 200,000 computers in over 150 countries, including in the UK where the NHS was forced to restrict operations and turn away patients.
Across the 10 global regions surveyed, 94% of the more than 1,000 IT professionals said perimeter security is effective, but only 35% said they were extremely confident their data would be secure if perimeter defences were breached.
However, the survey also revealed that 46% of UK businesses are only protecting their customers’ data with passwords, and when considering their latest data breaches, 75% of the data stolen from businesses on average was not encrypted, with 11% of businesses not encrypting any of their data.
“As a security professional, it feels like I’ve been saying forever that basic perimeter security measures are no longer enough,” said Joe Pindar, director of data protection product strategy at Gemalto.
“So it’s worrying to see the UK is continuing to place ultimate faith in these systems, without thinking about what attackers actually want – their data,” he said.
Without a switch in mentality, and starting to protect the data at its source with robust encryption and two-factor authentication, the UK is like one of the three little pigs.
“Unfortunately, the one sitting in the straw house – not realising that when the time comes, passwords and perimeter security alone will not stand up to attackers,” he said.
The Gemalto report notes that many businesses are continuing to prioritise perimeter security without realising it is largely ineffective against sophisticated cyber attacks.
According to the research findings, 76% of global respondents said their organisation had increased investment in perimeter security technologies such as firewalls, intrusion detection and prevention, antivirus, content filtering, and anomaly detection to protect against external attackers.
Despite this investment, 68% believe unauthorised users could access their network, rendering their perimeter security ineffective.
These findings suggest a lack of confidence in the solutions used, especially when over a quarter (28%) of organisations polled have suffered perimeter security breaches in the past 12 months. The reality of the situation worsens when considering that, on average, only 8% of data breached was encrypted.
Businesses’ confidence is further undermined by over half of respondents (55%) not knowing where their sensitive data is stored. In addition, over a third of businesses do not encrypt valuable information such as payment (32%) or customer (35%) data.
According to the Gemalto report, this means that, should the data be stolen, a hacker would have full access to this information, and could use it for crimes including identify theft, financial fraud or ransomware.
“It is clear there is a divide between organisations’ perceptions of the effectiveness of perimeter security and the reality,” said Jason Hart, vice-president and chief technology officer for data protection at Gemalto.
“By believing that their data is already secure, businesses are failing to prioritise the measures necessary to protect their data, which is a company’s most valuable asset,” he said, adding that it is important to focus on protecting this resource. “Otherwise, reality will inevitably bite those that fail to do so.”