Balabit, a leading provider of contextual security technologies, today unveiled the results of its pan-European survey into the current state of IT security.
The survey looked at how organisations balance IT security and business flexibility; whether they choose to be more secure by implementing additional controls that might hinder productivity or prefer to have flexible business operations. It also looked at how a promising business opportunity changes the game.
Balabit asked 381 IT executives, CIO’s, CISO’s, auditors and other IT professionals including, but not limited to, the UK, France and Germany, about their thoughts on IT security and business flexibility. When asked about their preference if they need to choose between IT security and business flexibility, 71% of respondents said that security should be equally or more important than business flexibility.
What happens when money comes into the picture?
The same people were asked if they would take the risk of a potential security threat in order to achieve the biggest deal of their life. In this situation security just goes out of the window with 69% of respondents saying they would take the risk, while only 31% said they would not.
“These results show that organisations have a long way to go to balance security and business” said Zoltán Györkő, CEO at Balabit. “They demonstrate that while security overload may be tolerated during normal business, when it comes to big deals the respondents would not hesitate to bypass security to win business. It is important that this is recognised as an issue and dealt with accordingly.”
In order to provide a healthy balance of IT security and business flexibility in practice, organisations require IT security solutions that do not impose onerous processes on users. When processes are bypassed by an insider, or indeed by someone that has gained fraudulent insider access, there is an escalated risk of privileged account misuse.
According to the latest Ponemon Institute Research criminal insiders cause the most data breaches. Because insider misuse cannot be spotted by existing control based security tools, a different approach is required.
“The survey shows that security strategies must take into account human behaviour” continued Györkő, CEO. ”Today’s static control solutions can only go so far. Security teams must have visibility of the context of user actions to be able to respond effectively, and any additional tools must be transparent to the business workflow. We believe that a monitoring based approach that enables companies to respond to suspicious activities in real time can make IT security more business friendly; that is why we developed our Contextual Security Intelligence Suite.”
For more information on the survey visit https://pages.balabit.com/csi-survey.html
About the survey
BalaBit surveyed 381 conference attendees at the EIC (European Identity & Cloud conference 2015) in Munich, InfoSecurity in London and Moscow, Les Assises in Monaco, Confidence and IDC Security Roadshow in Poland. IT executives, auditors, CIOs, and CISOs participating in this survey represented organizations including the telco, finance, government and manufacturing sectors.