Holistic security solutions
Traditional security methods should be integrated into a more evolved and robust security strategy, writes Gemalto’s Sebastian Pavie
The number of sophisticated breaches is increasing, so relying on perimeter security systems is no longer enough. Enterprises need to rethink their security solutions: traditional security methods such as firewalls and anti-virus should be integrated into a more evolved and robust security strategy. Companies need to know that it is possible for hackers to breach an entire network, no matter how well protected it is.
Middle East cyber security reality
In recent years, the Middle East has had its share of cyber-attacks and data breaches. Across the region, governments have been making significant investments to ensure their security systems are updated in order to minimize the risks of cyber-attacks. It is also important to underline the nationwide e-government and m-government initiatives to facilitate public services, which require a lot of IT infrastructure to support them. Although they maximize the usability of the services, these initiatives constitute security threats for data, which is why today, more than ever, data protection must be considered seriously by organisations.
According to Gemalto’s Data Security Confidence Index study, IT decision-makers in the Middle East are planning to spend around 7% of their security budget on perimeter security technology and 13% on firewall technology. Moreover, among the recent breaches, only 3% involved breached data that was protected by encryption. It is therefore crucial for companies to adopt more robust data protection solutions that will avoid a corporate crisis. On the other hand, Gemalto’s Breach Level Index report for the first half of 2015 shows a 10% increase in data breaches, while the number of compromised data records has dropped by 41%. Despite this decrease, it is important to raise awareness of the relevance of this matter, as large data breaches are continuing to expose massive amounts of personal information and identities.
Mind the gap on perimeter security reality
According to Gemalto’s Data Security Confidence Index (DSCI) study results, there is an obvious gap between Perception and Reality of Perimeter Security Effectiveness amongst global IT decision makers.
One of the key findings of this study is that although a substantial percentage (87%) of IT decision makers trust their companies’ perimeter security solutions to be effective in avoiding breaches, 30% of these respondents admit that their organisations were victims of data breaches. It is also important to highlight that 90% of the organisations that suffered these attacks experienced negative commercial consequences.
The study also shows that spending a bigger amount of security budget, resources and time on protecting customer data than on protecting the organization’s intellectual property leads employees not to trust their companies’ security solutions. In fact, almost a quarter of the respondents in our study admitted they do not feel their organization has the security capabilities necessary to keep up with emerging threats and technologies.
Despite these facts, we observed through the DSCI study that 64% of organizations have increased their investment in perimeter security over the past 5 years. Moreover, a 64% increase in investment in perimeter security is expected in the following year. Almost 7% of the security budgets in surveyed organizations are spent on purchasing, deploying and maintaining perimeter security systems, and a similar amount is budgeted for data protection.
Organisations must adopt long-term strategies. The proliferation and mobility of data make it a challenge for companies to protect their data. Sensitive assets will therefore always be at risk, while organisations will continue to face internal and external threats.
In this sense, to guarantee the protection of their data, enterprises must apply long-term strategies centered on the data itself. By doing so, the organisation will be able to have an information lifecycle model in which its systems are equipped with better data protection solutions and its efficiency improves.
Among these long-term strategies must be a ‘secure the breach’ strategy. Decision makers must take into consideration the importance of customer data by adopting a ‘secure the breach’ strategy that focuses on securing the data even if intruders penetrate the perimeter defenses. It is therefore mandatory to attach security directly to the data by using multi-factor authentication and data encryption, along with securing the encryption key. By applying this strategy, stolen data can no longer be used.
Organisations must also advocate cyber security. To be the best in class, companies need not only to apply the best solutions but also to educate the community about the security threats that surround us on a regular basis and that can cause a serious crisis for both individuals and corporations. The Middle East shows increasing awareness among companies of the importance of security for commercial and government organisations, reflected in their adoption of various security technologies.
Hence, security awareness is a necessity for any organization, as it can prevent potential risks that could affect the corporate infrastructure. In this sense, taking the motto of holistic security solutions to mean the integration of encryption and authentication solutions, we can show the community how it can contribute to a safer world for users.
Meanwhile, protecting valuable data throughout the enterprise is critical, as companies want to gain their customers’ trust in the protection of their sensitive data. Furthermore, organisations need to show the effectiveness of their solutions to meet customers’ expectations. Hence, it is essential to identify the critical paths in the organisation’s system and their associated risk levels, and to share knowledge and expertise, in order to minimize both internal and external threats.