In an era where operational agility can be a significant differentiator, IT shops face a dilemma: should they adopt security systems that tend to slow down networks and processes with inspections and filtering, or apply a lighter security framework in the name of productivity?
According to Barkly’s 2016 Cybersecurity Confidence Report, 41% of respondents said they are dissatisfied with their current solution because it slows down their system. For those shops, it could mean that colleagues are taking insecure shortcuts to improve efficiency, such as using unauthorized third-party apps or connecting unsanctioned devices to the network. For others that say their security hasn’t slowed them down, it could indicate a weakened security profile overall.
Barkly’s research draws a clear line between front-line IT pros’ and the C-suites’ opinions around security. Respondents indicated that they believe IT teams prioritize security higher than the C-level, with nearly two-in-five respondents stating that IT teams believe it to be an essential priority, compared to only 27% of C-level executives. Which could lead to productivity being prioritized over security.
“This report proves that from the CISO to the entry-level IT pro, organizations must be better aligned when it comes to security. When there’s a disconnect in priorities, level of understanding and measurement, even a seemingly strong security initiative is destined to fail,” said Jack Danahy, co-founder and CTO of Barkly. “Once teams understand each other's priorities and concerns around security, they can implement the tools they really need, that will best protect their endpoints from ever-increasing, complex threats.”
The survey also revealed that the biggest issues IT teams have with current solutions are that they require too many updates (36%), are too expensive (33%) and provide no protection against zero-day attacks (33%).
Despite increased spending on IT security, just half (50%) of survey respondents said they are confident in their current solution. More than half of respondents (54%) don’t believe their organization can effectively measure security ROI, and only a quarter (25%) have confidence in their colleagues’ cybersecurity awareness. While a majority of IT pros believe effective security is possible, the low confidence levels prove that organizations should be taking a closer look at improving their security posture.
There’s also a disconnect between IT teams and the C-level when it comes to their biggest concerns—while the C-level is more worried about insider threats, IT teams feel that careless, uninformed employees are a higher risk. When asked how they would improve security within their organizations, C-suite respondents said they would rather buy new software, while front-line IT pros would prefer to educate their colleagues.
Photo © LeoWolfert