Results from two recent studies suggest that cybersecurity needs an overhaul at most companies with root causes of the problem including poor communication, a lack of employee awareness, slowed productivity and a lack of budget.
In its 2016 Cybersecurity Confidence Report, Barkly, an endpoint security company, surveyed 350 IT pros to determine the top security concerns for 2016 and gauge how confident IT leaders are when it comes to cybersecurity issues. The survey looked at IT leaders' biggest security concerns, levels of confidence around security, number of breaches in 2015, amount of time spent on security, biggest priorities in IT and the downsides to current security solutions -- and, for the most part, the results were grim.
Security is on the top IT leader's mind, especially as hacks become more frequent, sophisticated and malicious, but the report also uncovered some shocking truths about cybersecurity in the enterprise. The report showed major flaws in how businesses and IT leaders approach security, and it boils down to a lack of communication between the C-Suite and IT leaders, as well as a general frustration with how security slows down overall productivity in the company.
But just because security might bog down productivity, or IT leaders and executives suffer from a lack of communication, businesses need to remain vigilant regarding security. Jack Danahy, CTO and co-founder of Barkly, says efficiency should be redefined. "Good security does not bog down efficiency. Efficiency can't be measured by how fast a single user can accomplish a particular task; it must be directly linked to the performance of the organization as a whole."
Confidence in security is low
For IT pros did not express high levels of confidence when it comes to security. Fifty percent reported that they aren't confident in their current security products and initiatives, while one in five don't believe it's even possible to have effective endpoint security. The study shows that three out of four IT leaders say employees' understanding of cybersecurity is, at best, moderate -- which only further diminishes confidence in cybersecurity.
For employees, it's a matter of them not understand what's at stake if they ignore security protocol -- oftentimes they simply feel security measures hinder their productivity, which only motivates them to take shortcuts. Danahy likens enterprise security to a pilot getting a plane ready for take-off. After boarding, passengers have to sit and wait for the pilot to complete a checklist, and it might mean the plane gets off the ground a bit later than scheduled, but "no one thinks of this as bogging down the flying process. It is a thoughtful, proven technique to ensure a higher level of safety."
Sign up for CIO Asia eNewsletters.