Analysis

Lesser data visibility leads to higher cybersecurity risks: Study

Forcepoint survey reveals cybersecurity is more of a people related concern than technology related with data spilling out of the conventional tightly controlled environments.

Gone are the days when enterprises had absolute control over their data hosted in in-house datacenters and servers. With the rise in cloud adoption and mobility, enterprises now have what global cybersecurity company, Forcepoint calls a ‘data sprawl’.

Companies no longer have absolute control over their critical business data, with IT networks spanning over cloud, removable media and employee devices, thus increasing the risk of cyber threats. In light of this, Forcepoint compiled and released a report titled, “The Human Point: An Intersection of Behaviors, Intent & Data,” with inputs from over 1,000 companies. The respondents are from large and small enterprises, extending across sectors and continents.

A staggering 49 percent of respondents reported the usage of private cloud services to host critical business data, 28 percent reported the usage of BYOD laptops and other devices, 25 percent removable devices and 21 percent public cloud services. However, this trend varies across sectors with only 9 percent of financial services companies using public cloud services compared to 36 percent technology companies and 35 percent hospitality companies.

With the lines between personal and work lives blurring, 46 percent of the respondents revealed concerns about personal and business data co-existing on smartphones. Not surprisingly, larger companies expressed more concern, about 53 percent of companies with more than 25,000 employees compared to about 40 percent companies with less than 1,000 employees.

Companies have begun to lose visibility of their data, admit respondents. Only seven percent of the respondents claim to have extremely good visibility of all critical data, while 58 percent have moderate or slight visibility.

The report highlights the intersecting points of people and data as highest areas of risk. The study reveals that 45 percent of respondents listed email as the greatest risk of this kind, followed by cloud services (42 percent) and mobile devices (40 percent).  Additionally, inadvertent user behavior ranked highest in the list of vulnerabilities associated with people.

Less than 4 percent of the respondents report being extremely satisfied by their cybersecurity tools, while 32 percent are satisfied, 55 percent report being moderately satisfied and about 2 percent are not satisfied at all. With 35 percent respondents having deployed six to 10 cybersecurity tools, there seems to be a raising dissatisfaction with the benefits of these tools.

A staggering 65 percent of the respondents report that they have discontinued the use of at least one to five cybersecurity technologies in the past five years.

With the rise of big data usage among businesses, the question of its usefulness with respect to cybersecurity arises. Only 27 percent report using big data to manage security, while 33 percent say big data makes security difficult.

Furthermore, with more users of critical business data, companies univocally agree on the importance of understanding behavior and the intent driving it. However, only eight percent of the respondents are confident about understanding behavior and seven percent about understanding intent. Almost 63 percent of the respondents admit being slightly to moderately effective in understanding both, while six to eight percent say that they are not effective at all.

When asked about the effectiveness of existing cybersecurity technologies in recognizing unusual activities, about 43 percent reported moderate results, while 24 percent swayed towards slight to no effectiveness.

A majority of the respondents – close to 72 percent – agreed that focusing on users and their behaviors will lead to a better visibility, in turn enhancing security.

With a rise in cloud adoption and enterprises going mobile, it can only be a wait and watch game for enterprises to arrive at a holistic solution in managing cybersecurity and preventing breaches, while not curbing the inevitable digital transformation.