Security professionals on the front lines fret over possible security breaches, but the rank and file don’t really think about it as much, a new study said.
With an increase in job pressure, 78 percent of respondents feel anxious about the possibility of a breach at their organization, according to a survey conducted in March 2014 by Courion.
IT security executives are increasingly aware they need to maintain brand equity and protect customers’ privacy and personal data.
In the survey, 58.8 percent identified “protecting the privacy of our customers” as their primary goal in addressing a significant security breach, and 62.7 percent admitted they most fear “negative publicity affecting the company brand,” should a breach occur within their organization.
“Our recent survey confirmed what we’ve been hearing from many customers over the past few years, the role of the senior IT security executive is constantly changing,” said Christopher Zannetos, president and chief executive of Courion. “Not only are they thought of as the front line defense for protecting sensitive company and customer information, they also feel responsible for brand image and customer satisfaction. IT security cannot tackle all this alone, however. We believe, and this survey confirmed, that better employee education and management of user access can provide much needed support for the security team.”
Respondents cited “managing user access” and “communicating or enforcing company policies” among top security priorities in 2014, but also believe other stakeholders may not consider the careful control of user access an important issue.
Along those lines, respondents said while 95 percent of their IT security team considers preventing security breaches a serious issue, they believe only 45 percent of the employee base feels the same.
Indifference at the employee level, lack of knowledge and malicious acts by trusted insiders can present a challenge for IT security, as evidenced by the 2014 Verizon Data Breach Investigations Report, which included “insider misuse” as one of the nine basic patterns that all breaches can be described by. Within this pattern, “privilege abuse” was the top threat action observed in 88 percent of security incidents.