Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Security Pros Say Organizations Investing In Wrong Security Defenses

A little over a third of security professionals believe their organizations are investing in the wrong security technologies, according to a recent survey from SafeNet.

A little over a third of security professionals believe their organizations are investing in the wrong security technologies, according to a recent survey from SafeNet.

In a survey of 230 security professionals in the United States, SafeNet found that 35 percent of the respondents believed their companies were making the wrong investments when it came to security. As a result, 59 percent said data would not remain secure if the organization’s perimeter was breached.

Not surprisingly, nearly two-thirds of the respondents said they expected to be hit by a data breach within the next three years. About 31 percent of the respondents said their networks have already been breached, and 20 percent they didn’t know whether or not they had been reached.

IT Security Solutions“With the epidemic of security breaches from LinkedIn to universities and financial institutions, it’s apparent that everyone is a target, and more and more organizations are accepting that they might be next,” Tsion Gonen, SafeNet’s chief strategy officer, wrote on the company’s Art of Data Protection blog.

However, even though the respondents felt the organizations were spending in the wrong areas, 95 percent said they planned to either maintain, or increase, their investment in network perimeter security, the survey found. And only 18 percent felt more confident in their overall security after increasing spending on network perimeter security, SafeNet said.

Moreover, one in five security professionals in the survey said they wouldn’t trust their own organization to keep their personal data safe.

Even though these professionals are expecting to be breached and don’t really believe their data would be safe, nearly three-quarters of the respondents said their perimeter defenses were effective, SafeNet found.

“The vast majority of organizations accept that attackers will breach their network and steal high-value data, and yet they’re still trusting the same old perimeter security approach to keep their organizations safe. Have we as an industry lost it? Isn’t that the definition of insanity?” Gonen asked.

Organizations need to move out of the “breach prevention” world where the goal was to try to prevent every breach, and into a “breach acceptance” era, where they accept that a breach will happen but that they could control the impact, Gonen said. They need to be thinking about tactics and proper technologies, such as encryption to protect the data and mitigate the impact of the breach.

“You have to assume a network breach and protect what matters – – the data,” Gonen said, as that is the only way to ensure the data is safe regardless of who is in the network.

While perimeter defenses still play an important role in blocking some types of data breaches, organizations have to consider the sophisticated cyber-criminals and attackers with superuser and administrator privileges. While a breach is never fun, security teams can avoid a catastrophe by ensuring the attackers don’t get access to the data, Gonen said.

“While the overall IT and threat landscape has dramatically changed over the past several years, the security industry has been slow to adapt to those changes,” Dave Hansen, president and CEO of SafeNet, said in a statement. “It is clear that maintaining the same approach of years past is antiquated and dangerous,” he said.

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...