IT decision makers in UK companies say they are more likely to hear about free food in the conference room, staff birthdays and even kitchen etiquette in the office than about security protocols in their business. This is according to figures from the ‘State of the Corporate Perimeter’ report from Centrify Corporation, a cyber security product company.
A survey of 400 IT decision makers (ITDMs) – 200 in the UK and 200 in the US – looks at whether organisations are as secure as they should be. With changing roles within companies and with employees and contractors coming and going, it examines whether providing too many people with too much access to too much data is at the root of potential security beaches.
When asked, 37 per cent said they hear more about employees leaving and joining the company than they do about security protocols in the organisation, while 20 per cent hear more about free food left over after meetings, 18 per cent about holidays/birthdays and 17 per cent about kitchen etiquette. Nearly one in three (30 per cent) of ITDMs admit they have had to fight to have stricter security protocols, while over a quarter (27 per cent) say they have had stricter security protocols denied by their senior management team. US figures were even higher, with nearly half (48 per cent) having to fight for them and 42 per cent having them denied.
The survey also suggests that 45 per cent of ITDMs in the UK say their organisation has been breached in the past, compared to 55 per cent in the US. A quarter of UK respondents (26 per cent) suspect attempts have been made in the last week, while one in seven (14 per cent) say that systems may have suffered attempted security breaches in the last hour.
Barry Scott, CTO EMEA at Centrify, says: “Given the very high profile of data security breaches today, it is surprising that organisations are apparently not taking every opportunity possible to raise the profile of security internally and improve security protocols. As well as from the outside, many security breaches are caused by insider threats, either intentionally by staff or ex-employees taking revenge on their employer or for other malicious reasons, or unintentionally by employees clicking on a link from a potential attacker using social engineering techniques. Regardless of the source, companies should be making every effort to educate users and raise awareness of potential threats and to improve their security training and posture.” Visit http://www.centrify.com/identity-survey/.
