UK Cyber Security Spending Misplaced?
The UK is the most breached country in Europe, according to a survey of 400 senior security managers by cyber security company Thales released today – with 37 percent of respondents saying they were breached in 2017 – up from 22 percent on the previous year.
Rates of failure in the last year” or data security compliance audits also soared: more than one in three of respondents polled in European enterprises reported a failed compliance audit in the last year.
Chief Strategy Officer at Thales, Peter Galvin said, “A tidal wave of data breaches is continuing to roll across Europe, with three in every four organisations now a victim of cyber-crime. As a result, people are feeling more vulnerable than ever before, worried about where the next threat will come from, and in what form.”
Misguided Spending?
The report found that respondents clearly recognise the defences designed specifically for protecting data are the most effective tools for doing so.
Data-at-rest defences were rated as the most effective tools for protecting data, with 72 percent responding that they were either ‘very’ or ‘extremely’ effective. However, data-at-rest security tools are not getting a high priority in spending increases.
“In fact, the data-at-rest defences that are the most effective at protecting large data stores are the lowest priority for increases in IT security spending, at only 36 percent”, the report’s authors noted.
At the same time, increases in IT security spending are greatest for endpoint (51 percent) and network (44 percent) defences, even as these tools become are no longer wholly effective against attacks designed to compromise data.
See also: Talos “Deeply Concerned” as Killer Malware Hits 54 Countries, 500k Routers
Network and Endpoint-Based Security Controls Inadequate
The combination of spear phishing with zero-day exploits available to criminal hackers makes it almost impossible to keep intruders away from critical data stores solely with network and endpoint-based security controls, Thales highlighted/
“As respondents recognise, the most effective solutions are security controls that provide an additional layer of protection directly around data sets. Data-at-rest and data-in-motion security tools can reduce attack surfaces, and provide the information needed to quickly find and stop attacks designed to mine critical data while in progress,” Thales noted.
“Cloud computing also makes network security tools less relevant as increasingly infrastructure is no longer implemented within the four walls of the enterprise. In fact, the vast majority of new projects are implemented using cloud resources”
Peter Galvin from Thales further explained: “To stand the best chance of success against these advanced attacks, businesses need to dedicate the appropriate level of attention, budget and resource into safeguarding their sensitive data, wherever it happens to be created, shared or stored.”