June 25, 2014
The inability of employees to follow computer access policies is the greatest threat to an organization’s data security, just slightly ahead of professional hackers. Yet, as a new report reveals, the majority of IT managers still believe it is ‘easy’ to protect their organisation’s security and defences against a data breach. The research, commissioned by Courion, found that 43 percent of respondents felt they could have better relations with Human Resources in managing staff access rights, with a majority (59 percent) not feeling confident they had enough help to make dealing with insider threats easier. This follows a recent separate study into staff attitudes to IT security that found staff could be ambivalent about how they use their access rights – for example, 39 percent share work login details with colleagues and 1 in 5 of UK professionals said they would snoop on sensitive personal data if they had access to it.
Yet despite the obvious data risks, the survey found a majority (63%) of IT security managers said they believed it was ‘easy’ to govern staff access rights and privileges, despite the fact that 42 per cent admitted they either do not have or are unsure of their ability to monitor and prevent breaches caused by accidental or deliberate staff actions.
The survey also confirmed the pressures those responsible for IT face in managing data security, with 45 per cent saying their organisation had suffered a data breach. Any confidence they may exhibit masks fears over job losses (42%), severe reprimands (41%) and demotion (34%) if their organisation suffered a data breach.
Courion CEO Chris Zannetos commented, “Like elsewhere, UK CISOs and IT managers are under immense pressure to prevent data breaches. What’s striking is many are finding it difficult to get the support needed to appropriately address insider threats. IT infrastructures have become increasingly complex as the access needs of users constantly change. This makes it challenging for CISOs and IT managers to understand, and as a result effectively communicate, exactly where business risk lies.
The survey polled 100 senior IT security professionals including CISOs in companies with more than 500 employees.