A survey of 201 IT security professionals in the UK has revealed how existing cyber security practices at organisations are far from perfect, thereby raising questions about their preparedness for GDPR.
IT security professionals at a number of enterprises are prioritising the security of certain applications and services, thereby leaving other areas exposed to cyber-attacks and malware injections.
The survey, conducted by security firm VMware, has revealed how IT security professionals at enterprises are frustrated with the lack of understanding among leadership teams about the importance of cyber security as well as the lack of available funding for urgent projects.
While those in IT security teams understand how vulnerabilities in websites or apps can compromise proprietary and customer data stored by their firms, they struggle to make their leadership teams understand the criticality of such vulnerabilities as the latter view cyber crime as merely a cost of doing business and nothing more.
At the same time, IT security professionals are forced to pay disproportionately high attention to the security around certain websites and apps, thereby leaving security flaws in other services exposed to hackers. Over 70 percent of those surveyed said that they dedicate more resources to the security around e-banking and other applications rather than focussing on all areas of exposure equally.
While 9 in 10 of all IT security professionals admitted that they made certain compromises to protect their businesses, thereby leaving other areas exposed, over half of them said that they have had to make such compromises regularly.
'This past era of compromise towards cybersecurity must end. A revised approach to protecting digital assets, starting at a security by design philosophy, is required to allow IT security professionals to dynamically manage the myriad of threats now faced. This involves understanding that cybersecurity does not begin and end with IT but is a challenge for the whole organization,' said Richard Bennett, head of accelerate and advisory services at VMware.
The findings of the present survey are very similar to those of a survey of 175 IT security professionals conducted by Bromium in July last year. That survey revealed that as many as 94 percent of employees prioritised productivity over security concerns.
At the same time, 64 percent of security professionals admitted that they had to modify security to allow employees more freedom to work and 40 percent had even turned off security firewalls to accommodate requests from various departments.
'While it isn’t a shock that users prioritise productivity and convenience over security, we’ve always assumed the IT security team set the agenda when it comes to protecting IP, customer data, and the network. But it’s clear they are often overruled and executive leadership may not be aware of these competing priorities,' said Ian Pratt, co-founder at Bromium.
'This should not be the case. Security teams should not be put in this position. Security is in place to protect a company’s most valuable assets. Having to fight with peers over when it is applied puts a company at significant risk,' he added.