
74% of CISOs say cybersecurity hinders productivity & innovation

23 Oct 2017

The need for comprehensive cybersecurity is ever increasing with the rise of malicious cybercrime – but it’s coming at a cost.

Bromium released the findings of an independent survey conducted by Vanson Bourne of 500 CISOs from large enterprises in the US (200), UK (200) and Germany (100).

The main finding? IT security is hindering productivity and innovation across enterprises, as most security teams utilise a ‘prohibition approach’ where they restrict user access to websites and applications – a tactic which is creating major frustration for users.

A whopping 88 percent of enterprises prohibit users from using websites and applications due to security concerns, while 94 percent are investing in web proxy services to restrict what users can and can’t access.

Unsurprisingly, these restrictions do come with implications as 74 percent of CISOs said users have expressed frustration that security is preventing them from doing their job and 81 percent said that users see security as a hurdle to innovation.

As a result, IT help desks are spending an average of 572 hours a year responding to user requests and complaints regarding access to websites.

This mounting frustration has caused an uneasy relationship between IT, security and the user, with 77 percent of CISOs saying they feel stuck in a ‘catch-22’ where they’re caught between letting people work freely and keeping the enterprise safe.

A further 71 percent said that they are being made to feel like the bad guys, because they have to say ‘no’ to users requesting access to restricted content.

“At a time when competition is fierce, the risk of falling behind and being less productive is as big a risk to an enterprise as cyberattacks. Security has to enable innovation by design, not act as a barrier to progress,” says Ian Pratt, president and co-founder of Bromium.

“Sadly, traditional approaches to security are leading to frustrated users, unhappy CISOs and strained relationships between workers and IT departments – all of which stifles business development, innovation and growth. This is unacceptable in a world where time to market is a vital driver for business success. We need to put an end to this catch-22 between security, productivity and innovation – things need to change.” 

Bromium asserts this ongoing problem suggests enterprises need a new approach to security.

“The way security works today is broken. It is unacceptable that end users are making help desk requests just to download documents and access websites they need to do their job,” Pratt says.

“It is also unfair that IT and security are seen as the enemy when they are simply trying to keep the organisation safe. But it doesn’t need to be this way. There is a way to let end users click with confidence while keeping the organization safe. It’s called application isolation.”

Pratt says application isolation puts the activities most often targeted by cybercriminals – downloading files, using applications, browsing the internet – into micro virtual machines, which protects the network because when these activities are initiated malware is trapped inside the container.

“This new approach to security transforms the relationship between the user and IT,” Pratt says.

“Now, instead of users calling IT to say there is a problem, they call to say they trapped some malware. Security teams congratulate the end user and then have the opportunity to extract and analyse the malware. This allows users, IT and security to work together to gather threat intelligence that protects the business at large.”
