The 2017 Thales Data Threat Report: European Edition, which polled 100 IT security professionals from UK organisations, reveals that 63 percent of UK businesses increased IT security spend in 2017 – a marked jump from 2016 (54%). Yet despite this increase in IT security spend, more than two in five UK businesses (43%) were breached last year. A further 84 percent of respondents feel that their organisation is still vulnerable to data threats, with one fifth of UK organisations (20%) reporting that they feel ‘very’ or ‘extremely’ vulnerable.
New technologies, old measures
Nearly all respondents in the report (91%) said they will use sensitive data in an advanced technology environment this year, with cloud environments – SaaS (51%), IaaS (47%) and PaaS (37%) – identified as the leading environments for this usage.
As organisations deploy advanced technologies residing outside the traditional walls of the enterprise, network security solutions become increasingly redundant in stopping modern breaches. Despite this shift, UK organisations continue to invest in traditional security measures, which have worked in the past, to protect data. Nearly half of UK organisations (48%) plan to increase network IT security spending – up from 42 percent in 2016 – with the majority of respondents (88%) reporting that they believe network security is ‘very’ or ‘extremely’ effective at protecting data from breaches.
Changing perceptions of encryption
The report illustrated a strong understanding of the benefits of encryption to enable digital transformation using advanced technologies. Nearly half of respondents (49%) identified data encryption and secure digital identities using encryption technologies as critical to enabling safe deployments of IoT.
Encryption was also identified as a critical security practice to meet privacy requirements – including the impending EU General Data Protection Regulation (GDPR). Designed to improve personal data protections and increase organisational accountability for data breaches, Article 32 of the GDPR states that organisations must implement “appropriate, technical and organisational measures to ensure a level of security appropriate to the risk, including […] encryption of personal data.”
With the cost of non-compliance amounting to up to 4 percent of gross worldwide sales, today’s rates of data breaches could result in crippling fines for UK firms when the GDPR comes into effect in May 2018, if data protection is not properly addressed. Consequently, over half of businesses (57%) selected encryption as the top control planned to address requirements outlined in the new ruling.
With the benefits at front of mind, data at rest defences – such as encryption and access control – are planned for the second highest increase in IT security spend, with 45 percent of UK organisations increasing spending in this area (up from 34% last year).
Peter Galvin, Vice President of Strategy, Thales e-Security says:
“It is certainly encouraging to see that more UK businesses understand the value encryption has in protecting valuable data and enabling digital transformation. But there is still more work to be done in incentivising the remaining 55 percent of UK firms to bolster their security strategies. In today’s increasingly complex threat landscape, robust IT strategies must be in place to protect data in all its forms, wherever it is created, shared or stored.”
To help combat the rising number of data breaches, Thales has provided the following examples of best practice for organisations to adhere to:
· Leverage encryption and access controls as a primary defence for data and consider an ‘encrypt everything’ strategy
· Select data security platform offerings that address a variety of use cases and emphasize ease-of-use
· Implement security analytics and multi-factor authentication solutions to help identify threatening patterns of data use