How people-based actions put critical data at risk

While 80 percent of respondents believe it’s important to understand the behaviors of people as they interact with intellectual property and other critical business data, only 32 percent are able to do so effectively. Further, 78 percent believe understanding user intent is important, yet only 28 percent of those surveyed currently have this capability.

Satisfaction with deployed cybersecurity tools

people-based actions risk

The Forcepoint study surveyed more than 1,250 cybersecurity professionals worldwide across a range of industries, including financial services, oil and gas, and healthcare.

The study shows that cybersecurity professionals are dissatisfied with technology investments, while data sprawl and eroding network boundaries makes security more difficult. However, the survey reveals the potential upside associated with understanding users’ behaviors and intent as they interact with IP and other data underpinning corporate value.

“For years, the cybersecurity industry has focused primarily on securing technology infrastructures. The challenge with this approach, however, is that today’s infrastructures are ever-changing in composition, access and ownership,” said Matthew P. Moynahan, CEO at Forcepoint. “By understanding how, where and why people touch confidential data and IP, businesses will be able to focus their investments and more effectively prioritize cybersecurity initiatives.”

Data sprawl and eroding network boundaries

Corporate networks are no longer tightly controlled entities, as data sprawls across a range of systems and devices.

  • 28 percent said critical business data and IP may be found in BYOD devices; 25 percent said removable media; 21 percent said public cloud services.
  • 46 percent are very or extremely concerned about the co-mingling of personal and business applications on devices such as smartphones.
  • Only seven percent have extremely good visibility into how employees use critical business data across company-owned and employee-owned devices; company approved services (e.g., Microsoft Exchange) and consumer services (e.g., Google Drive, Gmail).

Investing in cybersecurity tools

Only four percent of cybersecurity professionals are extremely satisfied with cybersecurity investments they’ve made. Only 13 percent strongly agree that more cybersecurity tools will improve security.

Importance of understanding human behavior

people-based actions risk

Vulnerabilities at the intersection of people and content

There are many points where people interact with critical business data and IP, ranging from email to social media to third party cloud applications and more.

  • Email was ranked the greatest threat (46 percent); mobile devices and cloud storage were also deemed significant areas of concern.
  • Malware caused by phishing, breaches and BYOD contamination, along with inadvertent user behaviors were seen as the top risks (30 percent each).

Understanding behaviors and intent

  • 80 percent believe it’s very or extremely important to understand the behaviors of people as they interact with IP and other data, but only 32 percent are able to do so very or extremely effectively.
  • 78 percent believe understanding intent is very or extremely important, but only 28 percent are able to do so very or extremely effectively.
  • 72 percent strongly agree or agree that security could be improved by focusing on the point in which people interact with critical data to better understand behaviors and intent.

Source: Help Net Security – News @ February 22, 2017 at 12:47AM

0
Share