Enterprises have the wrong priorities on security spending

A new survey reveals a disconnect between the security solutions organizations spend money on and the ability of those solutions to protect sensitive data.

The study from security solutions company Thales e-Security and 451 Research finds that while 30 percent of respondents classify their organizations as 'very vulnerable' or 'extremely vulnerable' to data attacks the two top spending priorities are network (62 percent) and endpoint (56 percent) protection solutions.

Spending on data-at-rest solutions like encryption, however, comes last at (46 percent. This is despite the fact that 68 percent of respondents have experienced a breach with 26 percent experiencing one in the last year. It's also despite overall security spending going up, in the 2017 report 73 percent of organizations say they increased IT security spending, up from 58 percent in last year’s survey.

"Organizations keep spending on the same solutions that worked for them in the past but aren't necessarily the most effective at stopping modern breaches," says Garrett Bekker, senior analyst, information security at 451 Research. "Data protection tactics need to evolve to match today's threats. It stands to reason that if security strategies aren't equally as dynamic in this fast-changing threat environment, the rate of breaches will continue to increase."

The report also looks at the drivers behind security spending. Almost half (44 percent) of respondents listed meeting compliance requirements as their top spending priority, followed by best practices (38 percent) and protecting reputation/brand (36 percent). Compliance is 'very' or 'extremely' effective at preventing data breaches according to 59 percent.

All industries polled identified cyber criminals as the top threat (44 percent), followed by hacktivists (17 percent), cyber terrorists (15 percent) and nation-states (12 percent). When asked about internal threats, 58 percent of respondents believe privileged users are the most dangerous insiders (a slight drop from last year’s 63 percent). At 44 percent, executive management are seen as the second-most-risky insiders, followed by ordinary employees (36 percent) and contractors (33 percent).

"Enterprises today must inevitably confront an increasingly complicated threat landscape," says Peter Galvin, vice president of strategy at Thales e-Security. "Our world, which now includes the cloud, big data, the IoT and Docker, calls for robust IT security strategies that protect data in all its forms, at rest, in motion and in use. Businesses need to invest in privacy-by-design defense mechanisms -- such as encryption -- to protect valuable data and intellectual property and view security as a business enabler that facilitates digital initiatives and builds trust between partners and customers."

More detail on the findings is available on the Thales blog.

Image Credit: Manczurov / Shutterstock