There is a huge disconnect between corporate confidence in security preparedness and the number of actual security incidents that occur each year.
We see this as one third of organizations have experienced a data breach in the past 12 months, according to the recently updated Data Security Confidence Index released by Gemalto. In statistics released only this past week by the ITRC, the number of breaches also continues to rise, with 18.8% more breaches in the first half of 2016 than in 2015.
The Data Security Confidence Index is a global database of data breaches which calculates “severity” on multiple dimensions, including type of data and number of records stolen, the source of the breach, and whether or not the data was encrypted. These figures focus less on the number of breaches and more on the number of records exposed in its analysis of data breaches. According to this release, there have been 3.9 billion records breached since 2013, up from 2.98 billion just this past year.
A False Sense of Security
Despite these trends, organizations regularly report on how effectively their security systems will hold up under threat.
Of the 1,100 IT decision makers surveyed worldwide, 61% said their perimeter security systems (firewall, IDPS, AV, content filtering, anomaly detection, etc.) were very effective at keeping unauthorized users out of their network. This same level of overconfidence has been shown in other surveys, relating both to network and endpoint protections. This false sense of security could lead to complacency and a lack of readiness to deal with the real and growing threats to organizational data.
The Influence of High Profile Breach Coverage
Is the media partly to blame for this confidence gap?
Media coverage does not always paint a true picture of data risks. In the case of some breaches, media organizations are not always able or willing to provide all the facts of a breach. When the breach involves the personal data of thousands, if not millions, of people then coverage of a breach can sometimes cause more harm to the victims.
Due to the high profile nature of many recent data breaches, 78% of those surveyed have adjusted their strategies, often spending more on perimeter security. However, investing solely in perimeter-based security overlooks the growing role that the endpoint and Insider Threats play in data security. Indeed, a growing number of cyberattacks on corporate networks can be tied directly back to the endpoint. According to several reports, human error accounts for more than half of all data breaches, something which does not improve when you increase the spending on perimeter-based security.
Shoring up the Insider Threat, where people accidentally or maliciously put data at risk, means creating a culture that fosters security, bolstered with technology to gain visibility into where data resides, no matter where it resides. A security policy only goes so far, when it’s being ignored. Monitor and protect against malicious and negligent insiders, regardless of user, location or whether they’re on or off network with Absolute DDS.