Spending More on Security Doesn’t Stop Data Breaches
Data breaches are on the rise despite the fact that organizations now are spending more on IT security. That’s according to a new report by Thales e-Security and 451 Research.
The 2017 Thales Data Threat Report, in its fifth year, polled 1,100 senior IT security executives at large enterprises around the world. It shows an “ongoing disconnect” between the security services organizations spend money on and the ability of those services to protect sensitive data.
More than two-thirds (68 percent) of respondents have experienced a breach, with more than a quarter (26 percent) being breached in the last year — both up from last year’s report. Also, overall security spending is up, with almost three in four (73 percent) organizations reporting increased spending this year, up from 58 percent last year.
Mike Coffield, Thales’ vice president of global channel strategy, tells Channel Partners that enterprise organizations still are utilizing “traditional perimeter solutions, such as network and endpoint security, over encryption.”
“With the increase in cloud, virtualization and geographically distributed environments, it is impossible to protect the perimeter because it simply no longer exists,” he said. “For channel partners, the key takeaway is that they need to deliver the right security solutions to their customers that protect sensitive data wherever it resides, instead of investing in legacy solutions that are no longer effective at thwarting modern breaches.”
Eighty-eight percent of respondents still feel some degree of vulnerability to data threats, down slightly from 90 percent in the previous year, but still at an “alarmingly” high level, according to the report. Those feeling “extremely vulnerable” rose slightly, to 9.1 percent, from 8.2 percent.{ad}
“In today’s complex digital environments and with threats constantly evolving, security strategies must be equally as dynamic,” Coffield said. “Organizations have businesses to run; being constantly distracted by the next security threat does nothing to contribute to their bottom line. The clear and present requirement for the channel is to deliver comprehensive solutions that mitigate today’s threats and empower organizations to concentrate on their core business. Doing so will not only eliminate organizations from being on the front page of the Wall Street Journal for all the wrong reasons, but it will also afford the channel partner a key seat at the table for any future needs the organization may have.”
Compliance remains the primary reason for spending on data security by a “stubbornly wide” margin over implementing security best practices, the second strongest driver, according to the report. However, fewer respondents (60 percent) viewed compliance requirements as “very or extremely effective,” down from 64 percent last year. Meanwhile, brand and reputation fell to 36 percent, down from 50 percent in last year’s report, as a primary reason for security spending.
Complexity remains the top barrier to more aggressive adoption of data-security offerings, chosen by half of respondents. Lack of staff trailed by a considerable margin in second place at 36 percent.
Nearly two in five (40 percent) are using Docker containers for production applications. At the same time, 47 percent cite security as the top barrier to broader Docker container adoption.
“The most popular container solution, Docker, was only introduced in 2013,” Coffield said. “This underscores how fast technology is changing and how fast companies are adopting them. Failure to intertwine security with this rapid adoption of technology can be a security nightmare later on. With the right channel partner, this scenario can be largely avoided.”