While 91 percent of enterprises said they still worry about threats to data, many of them are still focusing on the wrong security priorities to protect themselves from data breaches and other attacks, according to a recent survey. The 2016 Vormetric Data Threat Report—sponsored by security startup Vormetric and conducted by analyst firm 451 Research—found that compliance is the top area of focus for enterprises when it comes to security because they equate compliance with protecting critical data.
Common thinking among companies is that if they meet compliance requirements, it will be enough to keep data safe, according to the report, penned by 451 Research Senior Analyst Garrett Bekker. This is despite the fact that data breaches actually occur more often in organizations certified as compliant, he said.
“Compliance does not ensure security,” he said in a Vormetric press release announcing the report. “As we learned from data theft incidents at companies that had reportedly met compliance mandates (such as Anthem, Home Depot and others), being compliant doesn’t necessarily mean you won’t be breached and have your sensitive data stolen.”
Still, organizations apparently aren’t getting the message, according to Bekker, because nearly two thirds of those surveyed, or 64 percent, rated compliance as very or extremely effective at stopping data breaches. Vormetric offers enterprise data security for physical, virtual, big data and cloud environments. 451 Research conducts research on IT business innovation, and polled 1,100 senior IT security executives at large enterprises worldwide to compile the results of the report.
Indeed, with the focus on compliance that the report shows, investments in IT security controls are also misplaced, Bekker said. Most of these investments focus mainly on perimeter defenses that consistently fail to stop breaches and cyber attacks that are becoming increasingly sophisticated, according to the report.
With the rate of data breaches on the rise—61 percent experienced a breach in the past, 22 percent in the last year and 39 percent in the previous year—organizations need to shift their priorities away from compliance to a more holistic approach to security, the report found.
Recommendations include making more extensive use of encryption and access controls as a first line of defense for data-at-rest—such as locally in the data center, in cloud, big data and Internet of Things (IoT) environments—and considering an “encrypt everything” strategy, Bekker wrote.
The report also advised organizations to avoid the complexity and cost of implementing multiple data-security solutions and instead select a platform offering that addresses a variety of use cases, emphasizes ease of use, and offers encryption, enterprise key management, access control and security intelligence. Moreover, companies should implement security analytics and multi-factor authentication solutions to help identify threatening patterns of data use and to reduce unauthorized access risks, according to the report.