Data breaches and IT security spending rise in parallel
Thales, a leader in critical information systems, cybersecurity and data security, announces the results of its 2017 Thales Data Threat Report: Mexico and Brazil Edition, issued in conjunction with analyst firm 451 Research. This year’s report found that 75% of Brazilian respondents claim to have experienced a data breach at some time in the past – the second highest of any country polled in the 2017 Report. A further breakdown of the statistic reveals over one-quarter (28%) encountered a breach in the last year and 9% of Brazilian respondents have been repeatedly breached.
Spending priorities, budget misallocation creating vulnerabilities
In May 2016 and after years of effort, the Brazilian government filed The Data Protection Bill in Brazil. Ultimately, the bill failed to pass and this lack of compliance pressure – and typically, the fines that go along with it – may explain why only 20% of Brazilian respondents cite “preventing data breaches” as an IT security spending priority.
This year’s findings also demonstrate Brazilian respondents have fallen into the legacy technology trap. Despite network security’s inherent deficiencies, 88% selected it as ‘very’ or ‘extremely’ effective at protecting data from breaches. Spending preferences show a similar bias, with 69% planning to increase spending on network security and 70% on endpoint security. Data-at-rest security, a proven strategy for stopping data breaches, comes in last with 56% planning an increase in spending.
Advanced technologies bring promise and problems
Additionally, the deployment of advanced (cloud, Big Data, IoT and container) technologies has further complicated matters for Brazilian organizations. While 100% of Brazilian respondents will use sensitive data in an advanced technology environment this year, 80% believe the data in question is not secure.
Respondents do however appear to view encryption as an increasingly effective defense against data breaches. It is the top security solution to address privacy and sovereignty requirements (selected by 61% of respondents), protect IoT environments (64%) and protect container environments (49%). Sixty-five percent would increase their cloud deployments if cloud service providers offered data encryption in the cloud with enterprise key control.
Peter Galvin, VP of strategy, Thales eSecurity says:
“More than two-thirds of Brazilian respondents believe their organizations are vulnerable to data threats. This is particularly troublesome when we consider some of the technologies being deployed. For example, 65% of respondents are leveraging SaaS environments, and 51% Big Data environments. Without proper data security solutions in place – such as encryption, key management, tokenization and privileged user controls – companies put themselves at risk for even more breaches”.
Brazilian organizations interested in protecting existing legacy data sources while also taking advantage of advanced technologies should strongly consider:
- deploying security tool sets that offer services-based deployments, platforms and automation;
- discovering and classifying the location of sensitive data within cloud, SaaS, big data, IoT and container environments; and
- leveraging encryption and Bring Your Own Key (BYOK) technologies for all advanced technologies
Please download a copy of the new 2017 Thales Mexico and Brazil Report for more detailed security best practices.