Majority of Organizations Unsure of Ability to Protect Data After a Breach

A recent study conducted by security firm Gemalto has revealed that a majority of companies are not confident of their ability to prevent data from being stolen, altered, or deleted if their security perimeter is breached.

While most organizations – 61% – were confident of the defenses they had applied to keep their perimeter secure, in the event that hackers broke through those defenses, 69% of companies thought data would likely be at risk and that it may not be possible to prevent data theft.

Even though perimeters may be well defended, 66% of respondents believed that unauthorized users could gain access to their networks. More worryingly, 16% of respondents said they believed unauthorized users had already gained access to their entire network.

The reality today is security breaches will occur, it is just a matter of time as to when the security perimeter will be penetrated. Consequently, organizations can no longer rely on bolstering perimeter defenses alone. It is now necessary to accept that malicious actors will gain access to networks, and adequate protections must therefore be implemented to keep sensitive data secure in the event of a security breach.

Organizations must also consider that threats do not always come from outside the organization. Perimeter defenses are important to keep external malicious actors from gaining access to data, but they do nothing to protect sensitive data from malicious insiders. Controls must be put in place to protect data from theft, regardless of whether the threat comes from.

Jason Hart, Gemalto’s vice president and chief technology officer for data protection suggested that “Organizations need to come to the realization that they need a layered approach to security in the event the perimeter is breached.”

Hart suggested that for most organizations security must include two-factor authentication across the entire network and cloud, and the implementation of end-to-end data encryption. By putting these protections in place, organizations will be able to ensure that data are protected, even if the security perimeter is breached.

The study was conducted on 1,100 IT decision makers from organizations around the globe, across a range of industry sectors.

 

Author: NetSec Editor