Users find backdoors to do their job
Balabit unveiled the results of its pan-European survey into the current state of IT security.
The survey looked at how organisations balance IT security and business flexibility; whether they choose to be more secure by implementing additional controls that might hinder productivity or prefer to have flexible business operations. It also looked at how a promising business opportunity changes the game.
Balabit asked 381 IT executives, CIO’s, CISO’s, auditors and other IT professionals including, but not limited to, the UK, France and Germany, about their thoughts on IT security and business flexibility. When asked about their preference if they need to choose between IT security and business flexibility, 71% of respondents said that security should be equally or more important than business flexibility.
The same people were asked if they would take the risk of a potential security threat in order to achieve the biggest deal of their life. In this situation security just goes out of the window with 69% of respondents saying they would take the risk, while only 31% said they would not.
“These results show that organisations have a long way to go to balance security and business” said Zoltan Gyorko, CEO at Balabit. “They demonstrate that while security overload may be tolerated during normal business, when it comes to big deals the respondents would not hesitate to bypass security to win business. It is important that this is recognised as an issue and dealt with accordingly.”
In order to provide a healthy balance of IT security and business flexibility in practice, organisations require IT security solutions that do not impose onerous processes on users. When processes are bypassed by an insider, or indeed by someone that has gained fraudulent insider access, there is an escalated risk of privileged account misuse.
”Today’s static control solutions can only go so far. Security teams must have visibility of the context of user actions to be able to respond effectively, and any additional tools must be transparent to the business workflow,” concluded Gyorko.