Cybersecurity education efforts are yielding results, with 61 percent of respondents to a survey conducted by Palo Alto Networks saying they would speak with IT before introducing new devices onto a corporate network or adding business applications and tools onto unsecured devices.
With more than 25% of identified attacks in enterprises expected to involve IoT by 2020 [1] – and many IoT devices expected to enter the workplace – this survey finding represents a significant step in the right direction and demonstrates that employees’ knowledge and understanding of their role in cybersecurity is improving.
However, the contrasting findings from this survey of business managers – who typically have the salary and tendency to be early adopters of new technology – are that 39 percent would fly under IT’s radar. This leaves a large margin for risk.
Further still, of the group that doesn’t go to IT, one in every eight would “not tell anyone” about bringing a new device into an organisation or installing corporate tools, such as email, onto unsecured devices.
Attitude Impacts Adherence
The survey found that adherence to cybersecurity policies, such as those around the introduction of a new device, is largely guided by personal attitudes and views toward technology. Of those who have circumvented their company’s cybersecurity policy in the past, the prevailing reason for doing so was that they wanted to use a more efficient tool or service, or one that was considered to be the best in the market. Companies need to enable, not limit, employee choices, using technology and education to manage risk.
Temporary Employees Require Full-time Supervision
Contractors were the group most often seen to be bypassing company guidelines on cybersecurity, with 16 percent of respondents saying they had seen a temporary employee circumvent policies.
“BYOD is now a mature concept, but many still struggle to manage the blurry lines between personal and business data access by personal devices. Many organisations have deployed solutions to manage devices, but the anxiety comes from their broad connectivity, especially as the boundaries between business-driven cloud services and personal ones become less clear, which creates unknown bridges between business networks and the Internet at large. Modern state-of-the-art security must be able to prevent any device communication becoming the point of a breach and minimise risk for an organisation,” said Greg Day, VP and regional CSO, EMEA at Palo Alto Networks.
Recommendations
– Organisations should continue with employee education efforts to ensure that those on the front line of defences have the skills they need to identify threats.
– Security professionals should closely monitor the activity of non-permanent employees or contractors and ensure they receive the same policy information as full-time staff.
– Organisations should integrate up-to-date security solutions that fit with new technology trends in order to eliminate the weaknesses exposed in an evolving computing environment.
– Businesses should look at how they identify and enable the safe use of trusted or sanctioned cloud services and applications and manage the use of those that are untrusted and unsanctioned.
[1] According to Gartner press release, “Gartner Says Worldwide IoT Security Spending to Reach $348 Million in 2016”, April 25, 2016, http://www.gartner.com/newsroom/id/3291817