Thales warns: businesses are embracing new technologies, but leaving security behind

Businesses don't understand how to protect themselves with the move to the cloud, big data and the IoT

With data breaches climbing to a new record high last year, businesses are turning to emerging technology to protect themselves and their information.

The 2018 Thales Data Threat Report shows that almost every organisation in the world - 94 per cent - has embraced a ‘transformative technology' like the IoT, blockchain, mobile and the cloud.

Thales questioned 1,200 senior executives in Asia, Europe and North America and found that almost all (99 per cent) are using big data, and similar numbers are implementing IoT technologies (94 per cent) and mobile payments (91 per cent). As-a-service models are also gaining in popularity, with wide adoption of SaaS, IaaS and PaaS.

However, the use of these new environments is a factor in the rise in data breaches, Thales warns.

New technologies mean that old security techniques lose their effectiveness, or may no longer work at all. At the time of the 2018 survey, 67 per cent of respondents had been breached, and 36 per cent in the last year. In comparison, 26 per cent had been breached in the last year in the 2017 study.

Report author Garrett Bekker of 451 Research said, "[W]hile times have changed, security strategies have not - security spending increases that focus on the data itself are at the bottom of IT security spending priorities, leaving customer data, financial information and intellectual property severely at risk."

Although nearly 80 per cent of respondents say that data-at-rest solutions are the most effective at preventing breaches (closely followed by network security and data-in-motion), almost 60 per cent are spending the most on endpoint and mobile security. Data-at-rest solutions were at the bottom of 40 per cent of respondents' security budget priorities.

Encryption was another popular technology, acknowledged as the best way to increase cloud security and meet GDPR requirements.