Skip to main content

Compliance does not ensure security, experts say

Companies are approaching the data safety issue the wrong way, the latest report by Vormetric suggests, issued in conjunction with analyst firm 451 Research.

The enterprise data security for physical, virtual, big data and cloud environments firm, today announced the results of its 2016 Vormetric Data Threat Report, which polled 1,100 senior IT security executives from large businesses worldwide.

Key findings suggest that the rate of breaches is up, with 61 per cent experiencing one in the past. From that number, 22 per cent happened within the last year, and 39 per cent in the previous one.

Another key finding is that a vast majority (64 per cent) are confident compliance is extremely effective at preventing cyber-breaches. This is an increase, as 58 per cent thought the same thing last year. Senior analyst at 451 Security, and the report’s author, Garrett Bekker, thinks otherwise.

“Compliance does not ensure security,” he says. “As we learned from data theft incidents at companies that had reportedly met compliance mandates (such as Anthem, Home Depot and others), being compliant doesn’t necessarily mean you won’t be breached and have your sensitive data stolen. But we found that organisations don’t seem to have gotten the message, with nearly two thirds (64%) rating compliance as very or extremely effective at stopping data breaches.”

Compliance was also the number one spot for IT spend for 46 per cent of senior IT security executives polled.

“Organisations are also spending ineffectively to prevent data breaches, with spending increases focused on network and endpoint security technologies that offer little help in defending against multi-stage attacks,” added Bekker. “It’s no longer enough to just secure our networks and endpoints.”

IT security investments seem to be misplaced, as the majority of enterprises focus on perimeter defences that keep on failing.

The full 2016 Vormetric Data Threat Report can be found on this link.