Enterprises and small-to-medium businesses (SMEs) worldwide in 2018 are bolstering their security strategies based on Europe’s upcoming data protection regulation, with a new poll showing more than half of organizations pledge to add identity and access security solutions.
More than half of respondents say the GDPR, which takes effect in May, weighs heavily on their current security strategy decisions. 60% plan to spend up to 24% of their technology budgets on security this year; while 18% will spend 49%; and almost 25% will spend more than half of their budget on cyber defenses. Last year, only 15% of respondents said they planned to invest this much in cyber resilience.
The GDPR compels organizations that process EU customer data to comply with a new, unified set of data protection standards. Organizations that fail to comply risk hefty fines – up to €20 million in some cases.
Asked what security threats they currently fear, 35% of companies cited internal threats, while 65% names external threats as their biggest worry. 46% said they plan to deploy smart cards this year, while nearly 8% will deploy virtual smart cards, and 28% will deploy both.
However, traditional user name & password authentication remains the top means for securing identities, used by 89% of respondents. And, despite their inherent risks, 29% still plan to deploy user name and password solutions, and even one-time passwords (17%).
On the bright side, many companies pledge to deploy stronger authentication tools this year, including smart cards (47%), biometrics (36%), virtual smart cards (26%), and PKI (23%).
A recent cybercrime report reveals the volume of identity theft has doubled over the last two years. An account takeover occurs on average once every 10 seconds, and fraudsters can create complete identities from scratch and open new accounts by quilting together data harvested from breaches like the Equifax incident.
Also worth noting is that hackers increasingly use social engineering to “layer” their efforts and avoid detection.