Following new research findings from tech consultancy firm CEB, which note that 90+% of employees violate breach prevention policies, IT security experts from Synopsys Software Integrity Group and Balabit offered the comments below.
Mike Ahmadi, CISSP, Global Director – Critical Systems Security at Synopsys Software Integrity Group:
“I do not find it surprising that employees violate data breach policies, because I have indeed been in the same situation. In one case the IT department simply did not have any failure mode in place to compensate for instances where the policies caused a halt in workflow, due to any of a number of reasons. I was still expected to get the job done, and the lower level IT support staff would often suggest the workaround. Most employees do not want to willingly violate these policies, in my experience, but the business world penalizes lost productivity and does not reward employees who use the excuse “I was following the data loss policy guidelines.” Unless usability remains stable and workflow is not hindered, employees at all levels will violate these policies.”
“With each new data point that demonstrates employees’ willingness to forgo information security in favor of convenience, one fact becomes increasingly clear: organizations have a long way to go in order to balance security and business.” said “Today’s findings demonstrate the need for enterprises to recognize this fact and prepare accordingly for real time monitoring to prevent data leaks by both intruders and insiders.
“Today’s results are especially discouraging. A similar 2015 survey conducted by Balabit showed a full 69% of employees as being willing to bypass security for expediency, and today’s 90% number – although conducted among a different target group – marks a significant increase in just a year. So in other words, while hackers are getting more malicious and creative in their approaches, organizations may be becoming more complacent. Both trends are moving in the wrong direction.”