Skip to main content

Businesses are too focused on network perimeter security at the expense of defence in depth

A new piece of research from SafeNet has pointed out some worrying aspects regarding business security, including the fact that the majority of organisations – some 60 per cent of them – are not confident that their data would be secure if a hacker was to get past their network's perimeter security.

While 74 per cent of the thousand IT decision makers questioned said they believed their perimeter security was effective at keeping threats at bay, 41 per cent believed that unauthorised users are able to access their networks, figures which don't quite marry up.

44 per cent said their company firewall had been breached, or they weren't sure if it had, which isn't exactly a comforting state of affairs.

The upshot of all this is, SafeNet notes, that while businesses are investing IT budgets in perimeter security and the front line of keeping the bad guys out – 93 per cent said their company's investment in perimeter security had stayed the same or increased – they do so at the expense of defence in depth strategies, and measures like data encryption to ensure that if there is a breach, damage is minimised.

Related: Why your business should practice proactive network security

Two-thirds of those surveyed said they would not decrease spending on network perimeter defences, in favour of other security measures which could give more breadth. When asked to get rid of one way in which sensitive data is protected, most respondents said they'd ditch anomaly detection (49 per cent), or data encryption (24 per cent), with perimeter security being held as more important (only 15 per cent).

It's not too surprising, then, that the majority aren't confident about data security should an attacker get past those hallowed perimeter defences.

Indeed, a quarter of those surveyed admitted that they wouldn't trust their own personal data to be present on their company network, a telling statistic.

Tsion Gonen, chief strategy officer, SafeNet, commented: "The research findings reveal some interesting contradictions between the perception and the reality of data security. What's worrying is that so many organisations are still putting all of their eggs in one basket when it comes to data security. Perimeter security technologies are just one layer of protection, but too many companies rely on them as the foundation of their data security strategy when, in reality, the perimeter no longer exists."

Related: A complete guide to network security and firewall audits

He continued: "From the sheer volume of data breaches alone, it's clear that if a cybercriminal wants to hack the system or steal data, they will find a way to do so. So companies need to focus on what matters most – protecting the data. That means building more intelligent security strategies and using defence-in-depth with multi-factor authentication and placing security directly on the data with encryption."