Most IT professionals in the Middle East believe their perimeter security is effective at keeping unauthorized users out of their networks, despite nearly 1.4 billion data records globally and 45.2 million data records in the Middle East being lost or stolen in 2016, according to a study by digital security firm Gemalto.
Companies are, perhaps because of this over-confidence, under-investing in technology that protects their business, according to the fourth-annual Data Security Confidence Index released by Gemalto.
Middle East businesses feel that perimeter security is keeping them safe, with most (84%) believing that it is quite effective at keeping unauthorized users out of their network, according to the study that surveyed 1,050 IT decision makers worldwide.
However, 66% of respondents are not confident their data would be protected, should their perimeter be breached.
Perimeter security is the focus, but an understanding of technology and data security is lacking, the research report noted.
Many businesses are continuing to prioritize perimeter security without realizing it is largely ineffective against sophisticated cyber-attacks.
According to the report, 74% of Middle East IT professionals said their organization had increased investment in perimeter security technologies such as firewalls, IDPS, antivirus, content filtering and anomaly detection to protect against external attackers.
Despite this, 74% believe that unauthorized users could access their network, rendering their perimeter security ineffective, according to the study.
The study suggests that there is a lack of confidence in the solutions used, especially as half (50%) of Middle East organizations have seen their perimeter security breached in the past 12 months.
The situation is worsened when considering that, on average, less than 5% of data breached was encrypted.
Businesses’ confidence is undermined by over half of respondents (52%) not knowing where their sensitive data is stored, the study found.
In addition, over a third of businesses (36%) do not encrypt valuable information such as payment and over a half (54%) do not encrypt customer data.
This means that, should the data be stolen, a hacker would have full access to this information, and can use it for crimes including identify theft, financial fraud or ransomware, the report said.
There is a divide between organizations’ perceptions of the effectiveness of perimeter security and the reality, said Sebastien Pavie, enterprise and cybersecurity director for Middle-East, Africa, and Turkey at Gemalto.
By believing that their data is already secure, businesses are failing to prioritize the measures necessary to protect the data they hold and instead focusing on perimeter security that alone is not sufficient to protect critical data, said Pavie.