Organisations Have A False Sense of Data Security

A majority of organisations equate IT security compliance with actual strong defense, and are thereby leaving their data at risk of cyber incidents through a false sense of security.

That is the conclusion of the 2016 Vormetric Data Threat Report, released today by analyst firm 451 Research and Vormetric, a leader in enterprise data security.

The fourth annual report, which polled 1,100 senior IT security executives at large enterprises worldwide, details the rates of data breach and compliance failures, perceptions of threats to data, data security stances and IT security spending plans. The study looked at physical, virtual, big data and cloud environments.

The bad news: 91 percent of organizations are vulnerable to data threats by not taking IT security measures beyond what is required by industry standards or government regulation.

“Critical findings illustrate organizations continue to equate compliance with security in the belief that meeting compliance requirements will be enough, even as data breaches rise in organizations certified as compliant,” noted Garrett Bekker, senior analyst, enterprise security, at 451 Research and the author of the report.

“Investments in IT security controls were also shown to be misplaced, as most are heavily focused on perimeter defenses that consistently fail to halt breaches and increasingly sophisticated cyberattacks,” Bekker explains.

Bekker stressed that, “Compliance does not ensure security. As we learned from data theft incidents at companies that had reportedly met compliance mandates, such as Anthem, Home Depot and others, being compliant doesn’t necessarily mean you won’t be breached and have your sensitive data stolen.”

This message seems to be having a hard time getting through to many IT leaders. “We found that organisations don’t seem to have gotten the message, with nearly two thirds (64%) rating compliance as very or extremely effective at stopping data breaches,” Bekker noted.

Among the study findings:

Rates of data breaches are up, with 61% experiencing a breach in the past (22% within the last year, and 39% in a previous year).
    
64% believe compliance is very or extremely effective at preventing data breaches, up from 58% last year.

    
At 46% overall, compliance was also the top selection for setting IT security spending priorities. Industries particularly focused on compliance include healthcare (61%) and financial services (56%) organizations.
    
“Organizations are also spending ineffectively to prevent data breaches, with spending increases focused on network and endpoint security technologies that offer little help in defending against multi-stage attacks,” added Bekker. “It’s no longer enough to just secure our networks and endpoints.”

Global Considerations

The report also finds significant differences in the primary drivers for data security strategies around the world:

Compliance requirements were top drivers in the U.S. (54%), Australia (51%) and Germany (47%).
    
In Japan, requirements from business partners, customers or prospects were the highest priority (50%).
    
Reputation and brand protection were the most important spending drivers in the U.K. (50%) and Mexico (58%).

Some of the greatest differences identified were in organizations' planned spending increases on data-at-rest defenses, the most effective solutions for protecting data from multi-phase, multi-layer attacks, Bekker explained. These differences suggest again that many organizations are less concerned about preventing data breaches than they are with checking the compliance box, he suggested.

Information-Management: http://bit.ly/1KzfKPu
