Story image

Businesses collecting more data than they can handle - Gemalto

11 Jul 2018

Two in three companies (65%) are unable to analyse all the data they collect and only half (54%) of companies know where all of their sensitive data is stored, research by Gemalto has found.

Compounding this uncertainty, more than two-thirds of organisations (68%) admit they don’t carry out all the procedures in line with data protection laws such as GDPR.

These are just some of the findings of the fifth-annual Data Security Confidence Index, which surveyed 1,050 IT decision makers and 10,500 consumers worldwide.

The research found that business’ ability to analyse the data they collect varies worldwide with India (55%) and Australia (47%) best at using the data they collect.

In fact, despite nine in 10 (89%) global organisations agreeing that analysing data effectively gives them a competitive edge, only one in five Benelux (20%) and British (19%) companies are able to do so. 

Gemalto data protection vice president and CTO Jason Hart says, “If businesses can’t analyse all of the data they collect, they can’t understand the value of it – and that means they won’t know how to apply the appropriate security controls to that data.”

“Whether it’s selling it on the dark web, manipulating it for financial gain or to damage reputations, unsecured data is a goldmine for hackers.

“You only need to look at the recent hacks on the World Anti-Doping Agency and International Luge Federation to see the damage that can be done,” Hart says.

“What’s more, data manipulation can take years to discover, and with data informing everything from business strategy to sales and product development, its value and integrity cannot be underestimated.” 

Confidence in securing the breach is low

When it comes to how data is being secured, the study found that almost half (48%) of IT professionals say perimeter security is effective at keeping unauthorised users out of their networks.

This is despite the majority of IT professionals (68%) believing unauthorised users can access their corporate networks, with Australian companies being the most likely (84%) and the UK the least (46%).

However, once the hackers are inside, less than half of companies (43%) are extremely confident that their data would be secure.

UK businesses are the most concerned with just 24% prepared to say they’re extremely confident, with Australia the highest (65%).

Even though there is still faith in how they’re securing their networks, one third (27%) of companies reported that their perimeter security had been breached in the past 12 months.

Of those that had suffered a breach at some point, only 10% of that compromised data was protected by encryption, leaving the rest exposed.

Consumers say compliance is critical

According to the study, a growing awareness of data breaches and communications around GDPR have led to the majority (90%) of consumers believing that it is important for organisations to comply with data regulations.

In fact, over half (54%) are now aware of what encryption is, showing an understanding of how their data should be protected.

Hart adds, “It’s time organisations got their houses in order; starting with who oversees their data security.

“A central figure such as a Data Protection Officer – essential in some circumstances under GDPR – must be appointed to the board to lead data security from the top down.

He says, “Next is having more insight and analysis on the data collected to ensure that it is both correctly protected and enabling more informed business decision making. Finally, a mindset change.

"Organisations must realise that it’s no longer a case of if, but when a breach occurs, and protect their most valuable asset – data – through encryption, two-factor authentication and key management, rather than solely focusing on perimeter protection.”

Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.
Ransomware’s decline equals cryptomining’s rise
ESET’s Security Days Conference recently took place to go over the current threat environment and what to look out for next.
IoT and DDoS attacks: A match made in heaven
A10 Network’s Adrian Taylor uses findings from a number of reports to illustrate his point that advances in technology are facilitating cybercrime.
ForgeRock launches Sandbox-as-a-Service to facilitate compliance
The cloud-based testing environment for APIs enables banks to accelerate compliance with Open Banking and PSD2 deadlines.
Cloud application attacks in Q1 up by 65% - Proofpoint
Proofpoint found that the education sector was the most targeted of both brute-force and sophisticated phishing attempts.
Singapore firm to launch borderless open data sharing platform
Singapore-based Ocean Protocol, a decentralised data exchange that promotes data sharing, has revealed details of what could be the kickstart to a global and borderless data economy.
Huawei picks up accolades for software-defined camera ecosystem
"The company's software defined capabilities enable it to future-proof its camera ecosystem and greatly lower the total cost of ownership (TCO), as its single camera system is applicable to a variety of application use cases."
Barracuda expands MSP security offerings with RMM acquisition
Managed Workplace delivers an RMM platform with security tools and services, such as site security assessments, Office 365 account management, and integrated third-party antivirus.