Respondents reveal that organizations grapple with understanding impact of peoples’ motivations and intent
India – February 27, 2017 – Global cybersecurity leader Forcepoint™ today released results from a new study – The Human Point: An Intersection of Behaviors, Intent & Data.” The study was compiled through input of more than 1,250 cybersecurity professionals worldwide.
The study shows that while cybersecurity professional are dissatisfied with technology investments – and a combination of data sprawl and eroding network boundaries makes security more difficult – there are opportunities to improve security postures and results. Rather than focusing solely on security from a technology perspective, the survey’s results reveal potential upside associated with understanding users’ behaviors and intent as they interact with critical business data, such as intellectual property.
“For years, the cybersecurity industry has focused primarily on securing technology infrastructure. The challenge with this approach, however, is that infrastructure is ever-changing,” said Matthew P. Moynahan, chief executive officer at Forcepoint. “By understanding how, where and why people touch data, businesses will be able to focus their investments and more effectively prioritize cybersecurity initiatives.”
Key findings presented in the report include:
Data Sprawl and Eroding “Network” Boundaries: Corporate networks are no longer tightly controlled entities with clear boundaries. The definition of a corporate network must be reconsidered given the expansive nature of applications, systems and infrastructure connected to critical business data. For example, respondents reported a variety of systems with limited corporate control are used in the context of critical business data, such as private cloud services (49 percent), BYOD laptops or other devices (28 percent), removable media (25 percent) and public cloud services (21 percent).
In addition, the growing use of BYOD and corporate policies allowing social media usage is creating concern. In fact, nearly half of respondents (46 percent) are very or extremely concerned about the co-mingling of personal and business applications on devices such as smart phones.
Losing Visibility of Critical Business Data: Data sprawl is making it more difficult for cybersecurity professionals to maintain visibility into how employees use critical business data across company-owned and employee-owned devices; company approved services (e.g., Microsoft Exchange) and employee services (e.g., Google Drive, Gmail). Only seven percent have extremely good visibility; 58 percent say that have only moderate or slight visibility.
Vulnerabilities at the Intersection of People & Content: There are many points where people interact with critical business and data and content, ranging from email to social media to third party cloud applications and more. Email, by far, was gauged to present the greatest threat. In fact, 45 percent of respondent named this as the top risk. Mobile devices and cloud storage were also deemed significant areas of concern.
Respondents were also asked to assess vulnerabilities associated with actions of people, ranging from inadvertent behaviors to criminal intent. Overall, malware caused by phishing, breaches and BYOD contamination, for example, along with inadvertent user behaviors were seen as the number one risk by respondents; each was named to the top spot by 30%.
Technology to Strengthen Cyber: Those surveyed do not hold high hopes that more cybersecurity tools will improve security; only 13 percent strongly agreed these investments would improve security, while 48 percent only slightly or moderately agreed. This could be, in part, due to the low levels of satisfaction with existing tools. Only four percent were extremely satisfied with cybersecurity investments to date.
A Focus on Cyber Behaviors and Intent: As cybersecurity professionals look to get a better handle on the risks that might be posed to critical business data, the questions of behaviors and intent are rising priorities. Overall, Forcepoint’s study shows that while there is agreement that understanding behaviors and intent is vital to cybersecurity, most companies are unable to effectively do so.
An overwhelming majority of respondents – 80 percent – believe it’s very or extremely important to understand the behaviors of people as they interact with IP and other data. Further, 78 percent believe understanding intent is very or extremely important. However, only 31 percent said their companies are very or extremely effective at understanding behaviors; only 28 percent responded similarly in the context of understanding user intent.
However, there appears to be agreement on an approach that could serve to bolster security: focusing on the point in which people interact with critical data to better understand behaviors and intent. In fact, 72 percent of respondents – the vast majority – strongly agree or agree that doing so will help prove results and costs associated with cybersecurity investments.
More information on this research report, including methodology, demographics and key industry highlights, may be found at www.thehumanpoint.com.
Forcepoint is transforming cybersecurity by focusing on what matters most: understanding people’s intent as they interact with critical data wherever it resides. Our uncompromising systems enable companies to empower employees with unobstructed access to confidential data while protecting intellectual property and simplifying compliance. Based in Austin, Texas, Forcepoint supports more than 20,000 organizations worldwide. For more about Forcepoint, visit www.Forcepoint.com and follow us on Twitter at @ForcepointSec.