Balancing enablement with protection: the threat from within
Over millennia, human beings have evolved an understanding of physical security. Common sense tells us not to walk down a dark street alone, invite strangers into our houses or shout our personal details from the rooftop. In an interconnected, digital world, however, we’re simply still too trusting, with the familiarity of technology in our daily lives breeding a false sense of security.
A recent piece of Cisco research conducted in Europe, the Middle East, Africa and Russia highlighted that while many organisations may believe they are secure, the vast majority don’t take threats as seriously as they should. Many breaches stay open for more than a year before discovery, and more than ninety percent of customer networks observed in 2014 were identified as having traffic going to websites that host malware. One of the main sources of threats is also often overlooked: a lack of awareness and ownership amongst an organisation’s employees. In fact, employee behaviour (52 percent) comes second only to cybercrime (60 percent) as the greatest source of risk to data security.
Simultaneously, as the dynamics of the workplace continue to evolve, with more digital natives coming on board, an increasingly large divide is opening up between the expectations of employees and the attitudes of the IT department. Although just over half (57 percent) feel they understand the need for security, 12 percent of employees, insulated from the reality of threats by the IT department, believe innovation is stifled by what they see as restrictive security policies. A further 13 percent believe these policies make it harder to get their jobs done, to the point where 14 percent will even go so far as to actively circumvent their organisation’s security policies.
In response, there has never been a better time for IT to prove its capability as the enabler of the business. To address the challenge of empowering employees to be innovative, businesses need to start challenging their own approaches to technology and security.
Establishing more user-friendly policies is a start: policies that limit risk while allowing employees the freedom to perform without feeling caged. As business leaders, let’s acknowledge we are working with ‘humans’ who need to be made aware, adapt and learn new behaviours. At the same time, we should ensure users are more aware of the challenges they face and are encouraged to own the responsibility for security at an individual level.
CISOs and IT managers need to feel empowered to start taking IT back into the business and act as the powerhouse behind disruptive innovation and agility. Security should no longer operate as a siloed IT function, but as a core business process and enabler. Let’s seek to drive change and think about solutions from the user perspective, making the best use of IT to be more productive whilst securing users themselves rather than solely their devices. Fundamentally, this means embedding security into all operations across the business and making sure processes are managed and evolve to reflect the threat landscape.
Join us on Friday 23rd January at 13:00 for a live discussion with Cisco and PwC, exclusively on LinkedIn. In the session we’ll discuss how CISOs and business leaders can address the evolving threat landscape: http://linkedin.studiotalk.tv/show/security-insights