Hardly a week goes by without one or more information theft stories appearing in the news. Today, concerns over data protection have transcended the technical realm and exploded into public consciousness.
Moreover, despite billions spent on cybersecurity yearly, the Privacy Rights Clearinghouse
reports that the number of records breached in 2015 was more than twice that of 2014. Even more alarming, the worst attacks are coming not just from insiders, but from a wide assortment of external actors - including cybercriminals and terrorists, nation-states, and hacktivists.
Often masquerading as insiders, attackers are using stolen or compromised credentials to access all types of data - including financial data, personally identifiable information (PII), and personal health information (PHI).
At the same time, firms are increasingly relying on third parties to handle both non-core and core business functions - which in-and-of-itself can raise security concerns.
From traditional outsourcing to a public cloud, to big-data applications and the emerging Internet of Things (IoT), the data supply chain has radically expanded - causing an exponential increase in the number of people with access to sensitive data.
But even as the line between insiders and outsiders blurs, organizations are expanding their view of security threats to include a wide range of external actors who have access to sensitive data.
Data Vulnerability and Compliance
During 4th quarter 2015, 451 Research and Vormetric Data Security
surveyed 1,100+ senior security executives from across the globe, including the government, retail, finance and healthcare sectors.
The survey results show many companies are still in denial about the threats posed to their data from both insiders and outsiders - as well as the most effective ways to combat them.
For example, better than one-in-five respondents (21.99%) still believe their data is Not at All Vulnerable
to either internal or external threats.
For those who do believe their data is vulnerable - simply believing isn't necessarily enough to protect it.
Respondents were asked the most important reasons for securing sensitive data. One-in-five (21%) cited a past data breach as a reason for securing sensitive data. Another 26.8% cited breaches at other corporate competitors or partners (such as Sony, Home Depot or Target) as motivating their increased attention to data security.
Many security executives worldwide continue to equate compliance with security - nearly two-thirds (64%) view compliance requirements as either "very effective" or "extremely effective" in preventing data breaches, up from 59% a year ago.
Not surprisingly, the more regulated industries - IT, healthcare, financial services and retail - have the most optimistic views on the effectiveness of compliance requirements.
But as we have learned from data breaches at companies that had reportedly met their compliance mandates - like Target - being compliant doesn't necessarily mean freedom from having your data stolen.
Clearly, the old ways of securing data are no longer working as they once did. If doing the same thing over and over and expecting a different result isn't the definition of insanity, today it's a recipe for placing your critical assets at risk.
When it comes to data breaches, the past few years have been challenging ones for the information security industry. The 451 Alliance will continue to focus on security issues, from the perspective of enterprises, end users, and security vendors alike. Our next IT Security survey goes into the field end of March.
To receive more articles like this, join the 451 Global Digital Infrastructure Alliance
. The 451 Alliance
is a member-driven 'think tank' comprised of a worldwide network of highly-qualified enterprise technology and IT professionals. The 451 Alliance
tracks changes in corporate IT and digital infrastructure technologies well in advance of other sources and reports findings directly to its members.
Thanks to our partnership we are able to offer our members a complimentary membership to the 451 Alliance
. Membership includes access to 451 Alliance's
weekly research reports and bi-weekly newsletters. Join now!