The overwhelming majority of businesses have little faith in their first line of cyber security, research published today has found.
According to the study by digital security company Gemalto, 98 per cent of companies worldwide and 97 per cent of businesses in the UK feel their perimeter security systems, such as their firewall software, are ineffective at preventing unauthorised users from breaking into their networks.
Even those in the IT department have quibbles over their security systems. Although 61 per cent of the 1,100 IT decision makers surveyed said their perimeter security setup was very effective at keeping out unauthorised users, more than two-thirds (69 per cent) admitted that they were not sure that their organisation's data would be safe in the event of a breach.
A similar proportion (66 per cent) of the IT professionals asked believe that it would be possible for an unauthorised user to access their system, with 16 per cent thinking that, once inside the system, people would have access to the entire company's network.
"The days of breach prevention are over, yet many IT organisations continue to rely on perimeter security as the foundation of their security strategies," remarked Jason Hart, vice president and technology chief for data protection at Gemalto. "The new reality is that IT professionals need to shift their mindset from breach prevention to breach acceptance and focus more on securing the breach by protecting the data itself and the users accessing the data."
Read more: Tales from the front line of ethical hacking
Despite more three-quarters (78 per cent) of IT decision makers saying they had readjusted their strategy in response to high-profile breaches, such as the one at TalkTalk last year, and 86 per cent saying they had increased their spending on perimeter security, more than a quarter (27 per cent) said that their company had suffered a security breach in the last 12 months.
Hart continued: "While protecting the perimeter is important, organisations need to come to the realisation that they need a layered approach to security in the event the perimeter is breached. By employing tools such as end-to-end encryption and two-factor authentication across the network and the cloud, they can protect the whole organisation and, most importantly, the data"