New research from US tech consultancy company CEB, says that employees pose a bigger threat than hackers even though companies are increasing technology investments to protect against external data breaches. IT security experts from Synopsys and Tripwire commented below.
Mike Ahmadi, Global Director – Critical Systems Security atSynopsys:
“I do not find it surprising that employees violate data breach policies, because I have indeed been in the same situation. In one case, the IT department simply did not have any failure mode in place to compensate for instances where the policies caused a halt in workflow due to any of a number of reasons. I was still expected to get the job done, and the lower level IT support staff would often suggest the workaround. Most employees do not want to willingly violate these policies, in my experience, but the business world penalises lost productivity and does not reward employees who use the excuse “I was following the data loss policy guidelines.” Unless usability remains stable and workflow is not hindered, employees at all levels will violate these policies.”
Tim Erlin, Senior Director, Product Management atTripwire:
“Data protection shouldn’t be an inhibitor to business, but it’s often perceived that way. In many ways, these survey results indicate the failure of IT security to adequately account for the needs of the very businesses they protect. If users are circumventing controls, there’s always a reason why. It may be tempting to believe that it’s simply out of convenience or laziness, but the reality is that everyone has a job to get done, and no one wants to do more work than is required.”
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.