Three quarters of CEOs admit to using unapproved programs and applications, putting critical data at risk
- Published: Wednesday, 17 May 2017 08:57
Despite knowing the risks facing their organizations business decision makers (BDMs) and CEOs are putting critical data at jeopardy. 75 percent of CEOs and more than half (52 percent) of BDMs admit that they use applications/programs that are not approved by their IT department. This is despite 91 percent of CEOs and 83 percent of BDMs acknowledging that their behaviours could be considered a security risk to their organization. These findings are revealed in Code42’s CTRL-Z Study.
The study explores the pressures faced by CIOs, chief information security officers (CISOs) and other IT decision makers (ITDMs), and compares their responses to the views of CEOs and BDMs who control the majority of the data outside the four walls of the enterprise. The study, which takes into account the views of 800 ITDMs and 400 BDMs within the US, UK and Germany, highlights that security and productivity are intrinsically linked in a data-driven economy.
Brand reputation is at risk due to a heightened focus on productivity over data security
There’s an ever-persistent balancing act between productivity and data protection in the modern enterprise. There is pressure on ITDMs to help the enterprise rapidly recover from a breach, if it hopes to minimise a hit to reputation and ensure customer loyalty. The vast majority (80 percent) of CEOs and 65 percent of BDMs say they use unauthorised applications/programs to ensure productivity. However, half of ITDMs (50 percent) say that their ability to protect corporate and customer data is vital to their company’s brand and reputation — a sentiment that is shared by 50 percent of CEOs and 61 percent of CIOs. The majority of ITDMs do have laptop (86 percent) and server backup (95 percent) in place. However, at least 13 percent and 8 percent, respectively, have not tested their laptop or server backup programs.
This points to their approach being more of a ‘checkbox for compliance’ and not a solution that adds practical value to the employees. If an enterprise-wide failure, such as a widespread and devastating ransomware attack, took place today the questions would be: “Is your IT team prepared to get you back up and running?” and, “How long would you take to be productive again, considering the amount of data held on laptops and desktops?”
“Modern enterprises are fighting an internal battle between the need for productivity and the need for security—both of which are being scrutinised all the way to the CEO. By using unauthorised programs and applications, business leadership is challenging the very security strategies they demanded be put in place. This makes it clear that a prevention-based approach to security is not sufficient; recovery must be at the core of your strategy,” said Rick Orloff, VP and CSO at Code42.
An ever-evolving threatscape requires focus on both prevention and recovery
Now is definitely the time for change, and the enterprises that want to remain competitive are starting to act. It is a time for IT security visionaries and leaders to step forward. While 66 percent of BDMs and 66 percent of ITDMs agree that it will be up to CIO/CISOs to help their businesses adapt to the realities of the new threatscape in 2017, these figures also suggest there’s an opportunity for change. The question remains that, if it’s not the CIO or CISO, then who should take leadership on this front? One thing is certain: globally 88 percent of enterprise ITDMs and 83 percent of BDMs believe that their companies will have to improve their breach remediation in the next 12 months. After all, as the saying goes, “It is not if, but when you will be attacked.”
“The CTRL-Z Study brings a new perspective to my own experience in advising enterprises globally. When it comes business success it is all down to productivity and agility. Security in the modern enterprise is no different. Your strategy has to be built on three key pillars. First, you have to be able to spot risk sooner. Gaining visibility over where your data is, how it moves and who accesses it could act as an early warning system to alert you to both inside and external threats. Second, the enterprise as a whole always needs to be able to bounce back quickly and efficiently. Should a breach occur, your internal teams and the backup solutions you have in place need to be tested and ready to face the activity without it looking like a fire drill. Finally, if your business is to remain competitive, it needs to be able to recover quickly. Time is money, and in the modern enterprise, so is data,” concludes Orloff.www.code42.com