A little over a third of security professionals believe their organizations are investing in the wrong security technologies, according to a recent survey from SafeNet.
In a survey of 230 security professionals in the United States, SafeNet found that 35 percent of the respondents believed their companies were making the wrong investments when it came to security. As a result, 59 percent said data would not remain secure if the organization's perimeter was breached.
Not surprisingly, nearly two-thirds of the respondents said they expected to be hit by a data breach within the next three years. About 31 percent of the respondents said their networks have already been breached, and 20 percent said they didn't know whether or not they had been breached.
"With the epidemic of security breaches from LinkedIn to universities and financial institutions, it's apparent that everyone is a target, and more and more organizations are accepting that they might be next," Tsion Gonen, SafeNet's chief strategy officer, wrote on the company's Art of Data Protection blog.
However, even though the respondents felt the organizations were spending in the wrong areas, 95 percent said they planned to either maintain, or increase, their investment in network perimeter security, the survey found. And only 18 percent felt more confident in their overall security after increasing spending on network perimeter security, SafeNet said.
Moreover, one in five security professionals in the survey said they wouldn't trust their own organization to keep their personal data safe.
Even though these professionals are expecting to be breached and don't really believe their data would be safe, nearly three-quarters of the respondents said their perimeter defenses were effective, SafeNet found.
"The vast majority of organizations accept that attackers will breach their network and steal high-value data, and yet they’re still trusting the same old perimeter security approach to keep their organizations safe. Have we as an industry lost it? Isn’t that the definition of insanity?" Gonen asked.
Organizations need to move out of the "breach prevention" world where the goal was to try to prevent every breach, and into a "breach acceptance" era, where they accept that a breach will happen but that they could control the impact, Gonen said. They need to be thinking about tactics and proper technologies, such as encryption to protect the data and mitigate the impact of the breach.
"You have to assume a network breach and protect what matters – - the data," Gonen said, as that is the only way to ensure the data is safe regardless of who is in the network.
While perimeter defenses still play an important role in blocking some types of data breaches, organizations have to consider the sophisticated cyber-criminals and attackers with superuser and administrator privileges. While a breach is never fun, security teams can avoid a catastrophe by ensuring the attackers don't get access to the data, Gonen said.
"While the overall IT and threat landscape has dramatically changed over the past several years, the security industry has been slow to adapt to those changes," Dave Hansen, president and CEO of SafeNet, said in a statement. "It is clear that maintaining the same approach of years past is antiquated and dangerous," he said.