Despite increased spending on security, the majority of organisations believe a database security breach would be the greatest risk to their business, according to a new Oracle sponsored research by CSO Custom Solutions.
Out of the 110 firms surveyed, about 66% said they adopt a security inside out strategy, while 35% base their strategy on end point protection.
Respondents from industries, including financial services, government and high tech, said that more than two thirds of their IT security resources remain allocated to protecting the network layer, while less than one third of the staff and budget resources were allocated to protecting core infrastructure like databases and applications.
According to the survey, 44% believe that databases were safe because they were installed deep inside the perimeter, while 59% plan to increase security spending in the next year.
The study found that in 35% of organisations, security spend was influenced by sensational informational sources rather than real organisational risks.
About 40% of respondents said that implementing fragmented point solutions created gaps in their security while 42% believe that they have more difficulty preventing new attacks than in the past.
Oracle chief security officer Mary Ann Davidson said IT Security has to focus attention on the most strategic assets.
"Organisations can’t continue to spend on the wrong risks and secure themselves out of business. When attackers do break through the perimeter, they can take advantage of weak security controls against the core systems by exploiting privileged user access, vulnerable applications, and accounts with excessive access", Davidson said.
"Organisations have to get the fundamentals right – which are database security, application security and identity management."
