Nearly 80 percent of cyber professionals say enterprises must understand behaviours and intent as people interact with critical data and IP
The study surveyed more than 1,250 cybersecurity professionals worldwide across a range of industries, including financial services, oil and gas, and healthcare.
The study shows that cybersecurity professionals are dissatisfied with technology investments, while data sprawl and eroding network boundaries makes security more difficult. However, the survey reveals the potential upside associated with understanding users’ behaviors and intent as they interact with IP and other data underpinning corporate value.
“For years, the cybersecurity industry has focused primarily on securing technology infrastructures. The challenge with this approach, however, is that today’s infrastructures are ever-changing in composition, access and ownership,” said Matthew P. Moynahan, chief executive officer at Forcepoint. “By understanding how, where and why people touch confidential data and IP, businesses will be able to focus their investments and more effectively prioritize cybersecurity initiatives.”
Key findings include:
- Investing in Cybersecurity Tools: Only four percent of cybersecurity professionals are extremely satisfied with cybersecurity investments they’ve made; only 13 percent strongly agree that more cybersecurity tools will improve security
- Data Sprawl and Eroding Network Boundaries: Corporate networks are no longer tightly controlled entities, as data sprawls across a range of systems and devices.
- 28 percent said critical business data and IP may be found in BYOD devices; 25 percent said removable media; 21 percent said public cloud services.
- 46 percent are very or extremely concerned about the co-mingling of personal and business applications on devices such as smartphones.
- Only seven percent have extremely good visibility into how employees use critical business data across company-owned and employee-owned devices; company approved services (e.g., Microsoft Exchange) and consumer services (e.g., Google Drive, Gmail).
- Vulnerabilities at the Intersection of People & Content: There are many points where people interact with critical business data and IP, ranging from email to social media to third party cloud applications and more.
- Email was ranked the greatest threat (46 percent); mobile devices and cloud storage were also deemed significant areas of concern.
- Malware caused by phishing, breaches and BYOD contamination, along with inadvertent user behaviors were seen as the top risks (30 percent each)
- Understanding Behaviors and Intent:
- 80 percent believe it’s very or extremely important to understand the behaviors of people as they interact with IP and other data, but only 32 percent are able to do so very or extremely effectively.
- 78 percent believe understanding intent is very or extremely important, but only 28 percent are able to do so very or extremely effectively.
- 72 percent strongly agree or agree that security could be improved by focusing on the point in which people interact with critical data to better understand behaviors and intent.
More information on this research report, including methodology, demographics and key industry highlights, may be found at www.thehumanpoint.com.