SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
74% of CISOs say cybersecurity hinders productivity & innovation
Mon, 23rd Oct 2017

The need for comprehensive cybersecurity is ever increasing with the rise of malicious cybercrime – but it's coming at a cost.

Bromium released the findings of an independent survey conducted by Vanson Bourne of 500 CISOs from large enterprises in the US (200), UK (200) and Germany (100).

The main finding? IT security is hindering productivity and innovation across enterprises, as most security teams utilise a ‘prohibition approach’ where they restrict user access to websites and applications – a tactic which is creating major frustration for users.

A whopping 88 percent of enterprises prohibit users from using websites and applications due to security concerns, while 94 percent are investing in web proxy services to restrict what users can and can't access.

Unsurprisingly, these restrictions do come with implications as 74 percent of CISOs said users have expressed frustration that security is preventing them from doing their job and 81 percent said that users see security as a hurdle to innovation.

As a result, IT help desks are spending an average of 572 hours a year responding to user requests and complaints regarding access to websites.

This mounting frustration has caused an uneasy relationship between IT, security and the user, with 77 percent of CISOs saying they feel stuck in a ‘catch-22’ where they're caught between letting people work freely and keeping the enterprise safe.

A further 71 percent said that they are being made to feel like the bad guys, because they have to say ‘no’ to users requesting access to restricted content.

“At a time when competition is fierce, the risk of falling behind and being less productive is as big a risk to an enterprise as cyberattacks. Security has to enable innovation by design, not act as a barrier to progress,” says Ian Pratt, president and co-founder of Bromium.

“Sadly, traditional approaches to security are leading to frustrated users, unhappy CISOs and strained relationships between workers and IT departments – all of which stifles business development, innovation and growth. This is unacceptable in a world where time to market is a vital driver for business success. We need to put an end to this catch-22 between security, productivity and innovation – things need to change.”

Bromium asserts this ongoing problem suggests enterprises need a new approach to security.

“The way security works today is broken. It is unacceptable that end users are making help desk requests just to download documents and access websites they need to do their job,” Pratt says.

“It is also unfair that IT and security are seen as the enemy when they are simply trying to keep the organisation safe. But it doesn't need to be this way. There is a way to let end users click with confidence while keeping the organization safe. It's called application isolation.”

Pratt says application isolation puts the activities most often targeted by cybercriminals – downloading files, using applications, browsing the internet – into micro virtual machines, which protects the network because, when these activities are initiated, malware is trapped inside the container.

“This new approach to security transforms the relationship between the user and IT,” Pratt says.

“Now, instead of users calling IT to say there is a problem, they call to say they trapped some malware. Security teams congratulate the end user and then have the opportunity to extract and analyse the malware. This allows users, IT and security to work together to gather threat intelligence that protects the business at large.”