Malware and weaponized attacks are keeping IT and business decision makers up at night, especially against the backdrop of cloud and mobility in the enterprise.
According to the first-ever Dell Data Security Survey, nearly three in four (73%) of decision-makers are somewhat to very concerned about malware and advanced persistent threats (APTs)—despite the fact that most have anti-malware solutions in place. In fact, only about 20% of respondents said they are “very confident” in their ability to protect against sophisticated malware attacks.
Concern over malware threats is highest in the United States (31% say they are “very concerned”), France (31%) and especially India (56%). Malware is a lesser concern in Germany (only 11% are “very concerned”) and Japan (12%).
“The fact that IT and business decision makers are not confident in their anti-malware defense implies that they may be using outdated or ineffective tools,” said Brett Hansen, executive director, Data Security Solutions, Dell. “When IT teams do not have the resources they need to proactively prevent threats and stay on top of the evolving threat landscape, they are forced to play defense using threat detection and remediation alone.”
And while respondents are more worried about spear phishing attacks (73% are concerned) than any other breach method, mobility and cloud migration are especially in the crosshairs for security-minded companies.
The report uncovered a clear trend of employers feeling that they have to limit mobility in order to protect data. The majority of respondents from mid-market companies (65%) said they are holding back plans to make their workforce more mobile, for security reasons. And while the common narrative is that all offices are becoming more open to the use of personal devices, and two in five respondents are interested in allowing greater mobility for enhanced employee productivity, a full 67% are hesitant to introduce a bring-your-own-device (BYOD) program.
In fact, 69% of respondents say they are still willing to sacrifice individual devices altogether to protect their company against a data breach.
The report suggests that this kneejerk reaction is likely to backfire. “When organizations opt out of creating sanctioned, secure mobility programs, they open themselves up to other risks,” said Hansen. “Mobility and security can easily co-exist with modern data security technology that uses intelligent encryption to protect data whether it’s at rest, in motion or in use.”
So far, a majority (82%) of decision-makers have attempted to limit data access points to enhance security, because 72% believe that knowing where data is accessed will make their data protection measures more effective. But, another 57% of respondents are concerned about the quality of encryption used by their company.
Respondents also see their data at risk in public cloud platforms. With more employees using public cloud services like Box and Google Drive in the workplace, decision makers are not confident in their ability to control risks posed by these applications. Nearly 80% of respondents are concerned with uploading critical data to the cloud, and 58% are actually more concerned than they were a year ago.
As a result, the survey revealed that about 38% of decision makers have restricted access to public cloud sites within their organization due to security concerns.
These concerns aren’t translating into action, however. Only one in three organizations cite improving secure access to public cloud environments as a key focus for their security infrastructure, yet 83% say that employees are either using, or will soon be using, public cloud environments to share and store valuable data. About 57% of decision makers who are current cloud users, and 45% of those planning to use public cloud platforms, will rely heavily on cloud vendors to provide security.
“Security programs must enable employees to be both secure and productive, and this means enabling technology that helps them do their jobs,” said Hansen. “Companies can try to limit or prohibit public cloud use, but it’s more effective to use intelligent data encryption to protect corporate data wherever it may go, and reduce the risk of employees working around restrictive policies in order to be productive.”
Given the expansion of the threat landscape, data security, after decades of languishing in the backwaters of IT cages, has become a priority for C-suite executives, the survey revealed. Nearly three in four decision-makers agree that data security is a priority for their organization’s C-suite, with more than half expecting to spend more money on data security in the next five years.
That said, the report found that a lack of investment in streamlined technologies and a shortage of talent are both barriers to fine-tuning data security programs. Nearly half (49%) of respondents believe they need to spend more time securing their data in the next five years than they are today. But, 69% of decision makers still view data security as a burden on their time and budget. And, the majority of decision makers (58%) believe that their organization is adversely affected by the shortage of trained security professionals in the industry.
“These findings suggest that the C-level has to be more engaged when it comes to integrating data security strategies into their business,” said Steve Lalla, vice president of commercial client software and solutions for Dell. “They understand the need to invest in their security infrastructure, but that isn’t translating into updating or expanding their current systems to adequately prevent modern attacks.”
Photo © auremer