BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

69% of users would avoid security controls to make big business deals

From: Jake <jake () riskbasedsecurity com>
Date: Fri, 20 Nov 2015 14:01:12 -0500
http://www.scmagazineuk.com/69-of-users-would-avoid-security-controls-to-make-big-business-deals/article/454996/

Some 69 percent of users would bypass security controls so they could
win business. However, 71 percent feel that security should have
equivalent or even more important business flexibility.

The findings come from a pan-European survey conducted by Balabit
which questioned 381 IT executives, CIOs, CISOs, auditors and other IT
professionals from the UK, France, Germany and others in regard to
their thoughts on IT security and business flexibility.

The respondents were asked if they would take the risk of a potential
security threat to make the biggest deal of their life. Almost 70
percent said that they would take the risk.

Organisations enforce the use of IT security solutions that don't
dictate difficult processes on users for a healthy balance of IT
security and business flexibility. There is an increased risk of
account misuse when an insider or someone that has gained false access
avoids processes.

“These results show that organisations have a long way to go to
balance security and business,” said Zoltán Györkő, CEO at Balabit.
They demonstrate that while security overload may be tolerated during
normal business, when it comes to big deals the respondents would not
hesitate to bypass security to win business. It is important that this
is recognised as an issue and dealt with accordingly. Security teams
must have visibility of the context of user actions to be able to
respond effectively, and any additional tools must be transparent to
the business workflow.”
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!
Previous By Date Next
Previous By Thread Next

Current thread: