New research from US tech consultancy company CEB, says that employees pose a bigger threat than hackers even though companies are increasing technology investments to protect against external data breaches. IT security experts from Synopsys and Tripwire commented below.
Mike Ahmadi, Global Director – Critical Systems Security at Synopsys:
“I do not find it surprising that employees violate data breach policies, because I have indeed been in the same situation. In one case, the IT department simply did not have any failure mode in place to compensate for instances where the policies caused a halt in workflow due to any of a number of reasons. I was still expected to get the job done, and the lower level IT support staff would often suggest the workaround. Most employees do not want to willingly violate these policies, in my experience, but the business world penalises lost productivity and does not reward employees who use the excuse “I was following the data loss policy guidelines.” Unless usability remains stable and workflow is not hindered, employees at all levels will violate these policies.”
Tim Erlin, Senior Director, Product Management at Tripwire:
“Data protection shouldn’t be an inhibitor to business, but it’s often perceived that way. In many ways, these survey results indicate the failure of IT security to adequately account for the needs of the very businesses they protect. If users are circumventing controls, there’s always a reason why. It may be tempting to believe that it’s simply out of convenience or laziness, but the reality is that everyone has a job to get done, and no one wants to do more work than is required.”