New insights from the 2020 Thales Europe Data Threat Report reveal that European organisations have a false sense of security when it comes to protecting themselves, with only two-thirds (68%) seeing themselves as vulnerable, down from nine in 10 (86%) in 2018.
This confidence flies in the face of the findings of the survey of 509 European executives which reveals over half (52%) of organisations were breached or failed a compliance audit in 2019, raising concerns as to why a fifth (20%) intend to reduce data security spend in the next year. The findings come as workers across Europe are working from home due to COVID-19, often using personal devices that don’t have the built-in security office systems do, significantly increasing risk to sensitive data.
Across the board, companies are racing to digitally transform and move more applications and data to the cloud; two-fifths (37%) of European countries stated they are aggressively disrupting the markets they participate in or embedding digital capabilities to enable greater enterprise agility. A key aspect of this transformation is in the cloud becoming the leading data environment. Nearly half (46%) of all data stored by European organisations is now stored in the cloud, and with 43% of that data in the cloud being described as sensitive, it is essential that it is kept safe.
As more sensitive data is stored in cloud environments, however, data security risks increase. This is of particular concern given that 100% of businesses surveyed report that at least some of the sensitive data they are storing in the cloud is not encrypted. Only 54% of sensitive data in the cloud is protected by encryption and even less (44%) is protected by tokenisation, highlighting the disconnect between the level of investment companies are making into cybersecurity and the increasing threats they face.
Multi-cloud adoption complicates data security
Despite the multitude of threats, businesses feel that the complexity (40%) of their environments is holding their data security capabilities back. Multi-cloud adoption is the main driver of this complexity; four-fifths (80%) of businesses are using more than one IaaS (Infrastructure-as-a-Service) vendor, while a third (29%) have more than 50 SaaS (Software-as-a-Service) applications to manage. Businesses also identified a lack of budget (30%), staff to manage (28%) and organisation buy-in/low priority (25%) as other top blockers.
“Businesses are continuing to race towards Digital Transformation and many are increasingly reliant on complex cloud environments, without taking a Zero Trust approach. Data is more at risk than ever, while organisations are unwittingly creating the perfect storm for hackers by not implementing the security basics,” said Rob Elliss, EMEA Vice President for Data Security Solutions at Thales. “Unfortunately, this will result in increasing problems, particularly in a world where working remotely will be part of the new normal, unless companies can step up to the plate when it comes to keeping data safe.”
Quantum(fying) the problem
While organisations continue to look at the threat of today, many are starting to turn their attention to peril that the acceleration of computing power, quantum, could bring to them. In fact, almost all (93%) respondents are concerned Quantum Computing will lead to exploits being created that could expose the sensitive data they hold. What’s more, seven in 10 (69%) European organisations expect quantum to affect their cryptographic operations in the next five years.
As a result, most organisations are reacting, with a third (31%) planning to offset Quantum Computing threats by switching away from static encryption or symmetric cryptography. Furthermore, a similar amount (30%) plans to implement key management that supports quantum safe random number generator.
“It is clear that businesses are aware of evolving threats they face and it’s reassuring to see them acknowledging some of the key steps they need to take – including moving away from static encryption and implementing quantum-proof key management. It’s critical, though, that organisations don’t just look at threats years away, but invest in their cybersecurity processes now and see it as an integral part of their Digital Transformation,” Elliss concluded.Click below to share this article