In light of the numerous recent hacks on high-profile companies, it would appear more UK organisations are waking up and taking action to ensure they don’t find themselves in the same situation. According to findings in our 2017 Data Threat Report: European edition, 63 per cent of UK businesses plan to increase IT security spend in 2017 – a huge jump from the 54 per cent we recorded in 2016.
While this is certainly positive in theory, the worrying reality is that the number of data breaches suffered by UK organisations has actually increased in the past year, despite this rise in IT security spending.
Over the past year, two in five UK organisations were breached. What’s more, 84 per cent of businesses feel that their organisation is still vulnerable to data threats, with one fifth of UK organisations reporting that they feel ‘very’ or ‘extremely’ vulnerable.
So it leads us to ask the question: are they spending money on the wrong defences?
In short, yes.
Relying on tried and tested methods
Our study shows that nearly half (48%) of UK organisations plan to increase their spending on network and endpoint security solutions, and the majority of respondents (88%) believe network security is ‘very’ or ‘extremely’ effective at protecting data from breaches.
Of course, these security measures have, in the past, helped keep the bad guys out. But building a bigger fence or a taller wall to protect an organisation’s most precious data from malicious threats isn’t going to cut it these days. Organisations are moving an increasing amount of data into the cloud, and sharing it across connected devices. In fact, a staggering 91 per cent of UK organisations now use sensitive data in an advanced technology environment, with cloud – SaaS (51%), IaaS (47%) and PaaS (37%) – identified as the leading environment for this usage.
As organisations deploy advanced technologies outside the traditional walls of the enterprise, the network perimeter no longer remains a static entity. It is constantly moving and, as such, network security solutions become increasingly redundant in stopping modern breaches.
New technology, new thinking
It’s time for organisations to rethink their cyber security strategies to ensure they better reflect what is happening in the real world. Failure to do so could not only make them more vulnerable to malicious attacks but, come May 2018, it could also make them non-compliant to new data protection regulations such as the impending EU General Data Protection Regulation (GDPR).
It is, therefore, encouraging to see that more and more businesses are starting to understand the value encryption has in protecting valuable data and enabling digital transformation. In fact, over half of UK organisations (57%) selected encryption as the top control planned to address requirements outlined in the new data protection regulation. A further 45 per cent have also said they plan to increase spending in data at rest defences – such as encryption and access control.
But that still leaves 55 per cent that need to bolster their security strategies.
In today’s increasingly complex threat landscape, robust IT strategies must be in place to protect data in all its forms, wherever it is created, shared or stored. It’s time to break with tradition. By leveraging encryption and access control as a primary defence for data, and considering an ‘encrypt everything’ strategy, organisations will be better positioned to stand up to potential threats and challenges on the horizon.
Download your copy of the 2017 Thales Data Threat Report: European Edition here.