
74% of CISOs say cybersecurity hinders productivity & innovation

23 Oct 2017

The need for comprehensive cybersecurity is ever increasing with the rise of malicious cybercrime – but it’s coming at a cost.

Bromium released the findings of an independent survey conducted by Vanson Bourne of 500 CISOs from large enterprises in the US (200), UK (200) and Germany (100).

The main finding? IT security is hindering productivity and innovation across enterprises, as most security teams utilise a ‘prohibition approach’ where they restrict user access to websites and applications – a tactic which is creating major frustration for users.

A whopping 88 percent of enterprises prohibit users from using websites and applications due to security concerns, while 94 percent are investing in web proxy services to restrict what users can and can’t access.

Unsurprisingly, these restrictions do come with implications as 74 percent of CISOs said users have expressed frustration that security is preventing them from doing their job and 81 percent said that users see security as a hurdle to innovation.

As a result, IT help desks are spending an average of 572 hours a year responding to user requests and complaints regarding access to websites.

This mounting frustration has caused an uneasy relationship between IT, security and the user, with 77 percent of CISOs saying they feel stuck in a ‘catch-22’ where they’re caught between letting people work freely and keeping the enterprise safe.

A further 71 percent said that they are being made to feel like the bad guys, because they have to say ‘no’ to users requesting access to restricted content.

“At a time when competition is fierce, the risk of falling behind and being less productive is as big a risk to an enterprise as cyberattacks. Security has to enable innovation by design, not act as a barrier to progress,” says Ian Pratt, president and co-founder of Bromium.

“Sadly, traditional approaches to security are leading to frustrated users, unhappy CISOs and strained relationships between workers and IT departments – all of which stifles business development, innovation and growth. This is unacceptable in a world where time to market is a vital driver for business success. We need to put an end to this catch-22 between security, productivity and innovation – things need to change.” 

Bromium asserts this ongoing problem suggests enterprises need a new approach to security.

“The way security works today is broken. It is unacceptable that end users are making help desk requests just to download documents and access websites they need to do their job,” Pratt says.

“It is also unfair that IT and security are seen as the enemy when they are simply trying to keep the organisation safe. But it doesn’t need to be this way. There is a way to let end users click with confidence while keeping the organization safe. It’s called application isolation.”

Pratt says application isolation puts the activities most often targeted by cybercriminals – downloading files, using applications, browsing the internet – into micro virtual machines, which protects the network because when these activities are initiated malware is trapped inside the container.

“This new approach to security transforms the relationship between the user and IT,” Pratt says.

“Now, instead of users calling IT to say there is a problem, they call to say they trapped some malware. Security teams congratulate the end user and then have the opportunity to extract and analyse the malware. This allows users, IT and security to work together to gather threat intelligence that protects the business at large.”
