In 2015, we saw more data breaches and larger data breaches than ever before with almost half of all organizations suffering at least one serious security incident / data breach in the past 12 months. IDC predicts that by 2020, more than 1.5 billion people, or a quarter of the world’s population, will be affected by data breaches. Given this state of affairs, one would assume that organizations would be wary to call themselves prepared.
Mirroring similar results we discussed a couple of months ago, Voltemic found that 64% of organizations felt that compliance was very or extremely effective at preventing data breaches yet 61% had experienced a data breach in the past (22% within the past year). Given the comparison to earlier data, it looks like these organizations faced fewer data security incidents than averages cited in other studies, and yet this disparity still shows that organizations are placing too much confidence in compliance. This overconfidence can lead to complacency in security preparedness.
In its 2016 Data Threat Report, Voltemic’s survey of 1,100 IT security executives worldwide found that 62% of respondents believed their endpoint and mobile defences are very or extremely effective for data breach prevention, and yet other studies have shown that as many as 36% of cyber security incidents can be tied back to attacks on mobile devices and more than half (53%) of US organizations lack a formal BYOD policy. It’s clear that current endpoint security strategies are not actually effective.
When organizations mistakenly believe that being compliant provides effective security precautions against a data breach, they may stop being proactive in their risk analysis and education and may not be ready to block new risks introduced by new technologies or a growth in Shadow IT. Instead, a posture that assumes a breach is coming will help organizations stay on top of their data’s location, how it’s being used and by whom, at all times, with a plan of action should an incident occur. Organizations that create a culture of securing data, that implement ongoing awareness of data security risks coupled with policies and well-thought-out layers of protective and responsive technologies, are the ones that can say: “Yes, we feel confident about our security, but we also know mistakes happen. We’re prepared.”
Absolute can help you identify potential security threats and respond rapidly before they become damaging security incidents. Absolute Data & Device Security (DDS) allows organisations to persistently track and secure all of their endpoints within a single cloud-based console. Computers and ultra-portable devices such as netbooks, tablets, and smartphones can be remotely managed and secured to ensure—and most importantly prove—that endpoint IT compliance processes are properly implemented and enforced. Learn more here.