infoTECH Feature

April 20, 2015

The Gap Between Perception and Reality of Perimeter Security Effectiveness

Information systems have always been subject to attacks and breaches. Some tend to go under the radar, while others attack information that is not of any use, but the unfortunate fact is that they happen. A couple of Christmases ago this was really brought to light when Target (News - Alert) was breached, and hundreds of customer accounts were accessed.

Within the 12 months that followed, Home Depot was hacked and in July 2014 JPMorgan Chase was breached with 76 million household and seven million small business accounts being compromised. According to the financial institution, the hackers made off with very limited information, much of it available in public records.

Nonetheless, the overall feeling is that there was just poor security at all of the companies that were breached over the past couple of years. These companies did not see anything like this coming and were not prepared. The belief is also that these types of breaches are not going away and will only be getting bigger.

Gemalto (News - Alert) is an international digital security company providing software applications, secure personal devices such as smart cards and tokens, as well as managed services. It is considered to be the world’s largest manufacturer of SIM cards. Recently it released findings of its report entitled “2015 Data Security Confidence Index (DSCI).”

The research was conducted on behalf of Gemalto by Vanson Bourne. More than 900 individuals across the U.S., U.K., Europe, Middle East and Asia-Pacific were polled. The group of respondents included security and IT executives across various verticals, including financial services, healthcare, manufacturing, the public sector, telecommunications, utilities, retail, construction, insurance, legal and more.

Essentially, the results show that almost 90 percent of the respondents had a lot of confidence in their companies’ perimeter security measure and believe them to be very effective at keeping out security threats. This is the perception, in reality 30 percent admitted that their companies were breached and data was accessed.

Just to give you a visual, you can think of perimeter security as the moat around the castle. It is designed to keep out anyone that is not allowed access. The heavily armed guards inside the castle walls are equivalent to the security measures placed on the data itself. While the perception is that the moat will keep everyone out, the reality is that there are ways of scaling the wall and breaching security measure.

According to the report, the breaches that I mentioned earlier on high profile companies has led to 71 percent of the respondents saying that although they are still focusing on perimeter security, they have made adjustments their overall security strategy. In fact, the report also shows that as many as 72 percent of those surveyed are increasing their investment in perimeter security measures.

Tsion Gonen, who is vice president of strategy for identity and data protection at Gemalto, said "With the number of sophisticated breaches on the rise, relying on perimeter security systems alone is no longer enough. Traditional security staples such as firewalls and anti-virus should be part of a much greater security strategy. IT decision makers need to take into account that if someone is motivated enough they will breach a network, no matter how well it is protected."

When I hear about the security breaches and how the systems were attacked and how long it took these companies to find out about it, the conclusion that I keep coming to is that the hackers are smarter and definitely more creative. As soon as new security measures are created, they seem to almost immediately have the ability to be hacked and breached.

If you run a restaurant or gift shop, there is probably not too much information that can be gained from a breach, however, if you are a retail outlet or financial institution, a breach of any size will most likely have a negative effect on your business. This is brought to light as Gemalto’s results show that 90 percent of the organizations attacked suffered negative commercial consequences. Some of the results included;

  • 31 percent delays in product or service development
  • 30 percent decrease in employee productivity
  • 28 percent decrease in customer confidence
  • 24 percent negative press

Bad press is something that is very difficult to overcome, as it directly ties into a lack of customer confidence. As systems become more sophisticated, hackers become more creative in how they can breach these systems. It is quite possible that a company’s perimeter security measures are enough to keep all unwanted access out. It seems obvious since 87 percent of IT decision makers feel comfortable with their organization’s measures, but is it really enough?

Gonen concluded that "Organizations still place too much emphasis on perimeter security, even though it has proven to be ineffective. Decision makers should place greater importance on customer data and look to adopt a 'secure the breach' approach that focuses on securing the data after intruders penetrate the perimeter defenses. This means they need to attach security directly to the data itself using multi-factor authentication and data encryption, as well as securely managing encryption keys. That way, if the data is stolen, it is useless to the thief."

Edited by Dominick Sorrentino

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter

infoTECH Whitepapers