Data Doesn’t Lie: Exposure Points Leave IT In The Dark
October, as anyone who follows the infosec industry knows, is National Cybersecurity Awareness Month. We have some great blog posts coming up that speak to the cybersecurity awareness theme, so I’d urge you to keep an eye on our blog (which I hope you’re already doing with regularity!).
With cybersecurity awareness as the backdrop, our annual Market Pulse Survey – issued earlier this year – shines a light on the major exposure points organizations are struggling to protect. What the report also dives into is the disconnect between the corporate policies that IT leaders put in place and the reality they face – much of what’s happening across the corporate network is outside of IT’s purview. Think shadow IT and BYOD as two examples of this. With so much at risk as the data breach landscape only heightens with time, IT teams cannot afford to be left in the dark any longer.
We took a second look at the Market Pulse Survey, uncovering a couple of interesting ‘Did You Know’ questions to consider:
More than half of respondents (55%) say that one of the key reasons that employees in departments other than IT wind up introducing the most risk is that they lack the skills and understanding needed to avoid risk. So when employees start enacting things like shadow IT or BYOD, their awareness of the risks that these practices can and do impose is unfortunately pretty limited.
Of those respondents with corporate security policies in place, 3 in 10 respondents admit that their users are not actively following them. With 72% of respondents concerned about the increased risk that BYOD and shadow IT present, it’s clear that enterprises need to better define and enforce corporate security policies company-wide.
More than 7 in 10 of respondents agree their organization’s data would be less exposed if they were better equipped to manage it. In other words – corporate policy and security training can only go so far. Technology needs to play an active role, too. A further 71% of respondents with an identity governance solution in place acknowledged that having a solution like that in place would result in a more automated and efficient (and secure) organization.
What does all of this mean for companies who are trying to keep their brand out of the headlines? That it is equally important that corporate security policies are not only employed but that users actually understand the policies and put them to good use. On top of that, IT department leaders need to be in-the-know when it comes to what applications their users are deploying and importantly, what security policies apply for safe usage. Ultimately, there is no one ‘answer’ to the cybersecurity ‘trilemma’ that enterprises face today – it requires a combination of people (understanding and sticking to corporate security policies and awareness), processes (the right corporate security policies in place – and adhered to!) and technology (an identity governance foundation in place to give IT the ‘who’ in ‘who has access to what’ and the ‘what’ they have access to).
For more Market Pulse Survey takeaways, I’d encourage you to download the full report here.