Perimeter security is the focus, but understanding of data security is lacking'

Despite the increasing number of data breaches and nearly 36.6 million data records being lost or stolen in India in 2016 (source: Breach Level Index), the vast majority of IT professionals still believe perimeter security is effective at keeping unauthorised users out of their networks. However, companies are under investing in technology that adequately protect their business, according to the findings of the fourth-annual Data Security Confidence Index released today by Gemalto (Euronext NL0000400653 GTO), the world leader in digital security.

Surveying 1,050 IT decision makers worldwide, businesses feel that perimeter security is keeping them safe. Out of the 100 IT decision makers from India, most (98 per cent) believe that it is quite effective at keeping unauthorised users out of their network. However, 49 per cent are not extremely confident their data would be protected, should their perimeter be breached, a slight decrease on last year (58 per cent). Despite this, nearly seven in 10 (69 per cent) organisations report that they believe all their sensitive data is secure.

Perimeter security is the focus, but understanding of technology and data security is lacking

Many businesses are continuing to prioritise perimeter security without realizing it is largely ineffective against sophisticated cyberattacks. According to the research findings, 93 per cent of Indian respondents said their organisation had increased investment in perimeter security technologies such as firewalls, IDPS, antivirus, content filtering and anomaly detection to protect against external attackers. Despite this investment, two thirds (66 per cent) believe that unauthorised users could access their network, rendering their perimeter security ineffective.

These findings suggest that there is a lack of confidence in the solutions used, especially as over a third (38 per cent) of organisations have seen their perimeter security breached in the past 12 months. The reality of the situation is worsened when considering that, on average, less than 10 per cent of data breached (11 per cent) was encrypted.

Businesses’ confidence is further undermined by over half of respondents (45 per cent) not knowing where [all] their sensitive data is stored. In addition, over a third of businesses do not encrypt valuable information such as payment (33 per cent) or customer (39 per cent) data. This means that, should the data be stolen, a hacker would have full access to this information, and can use it for crimes including identify theft, financial fraud or ransomware.

“It is clear that there is a divide between organisations’ perceptions of the effectiveness of perimeter security and the reality,” said Jason Hart, Vice President and Chief Technology Officer for Data Protection at Gemalto. “By believing that their data is already secure, businesses are failing to prioritise the measures necessary to protect the data they hold and instead focusing on perimeter security that alone is not sufficient to protect critical data. Businesses need to be aware that hackers are after a company’s most valuable asset – data. It’s important to focus on protecting this resource; otherwise reality will inevitably bite those that fail to do so.”

Not all businesses are compliant

The recent set of attacks and increase in the recorded data breaches in India has again brought forth the attention to lack of robust Breach Notification laws in the country as the lack of transparency only aggravates the problem.

“With increase in data breaches in the last 12 months, businesses in India should have policies and procedures in place that are in line with government guidelines. However, what is of concern is that around 31 per cent businesses in India do not have any policies in place to adequately secure the most vulnerable and crucial data they hold, or even understand where it is stored”, said Rana Gupta, Vice President, APAC Sales – Identity & Data Protection, Gemalto. “With cybercrimes at an all-time high, overall, enterprises and individuals need to be extra vigilant in protecting their data against cybercriminals who attack when your guard is down.”