Forcepoint Study Finds Organizations Must Balance Cybersecurity Tech Investments with Understanding Human Behaviors & Intent
Forcepoint released results from a new study – The Human Point: An Intersection of Behaviors, Intent & Data.” The study was compiled through input of more than 1,250 cybersecurity professionals worldwide.
The study shows that while cybersecurity professional are dissatisfied with technology investments – and a combination of data sprawl and eroding network boundaries makes security more difficult – there are opportunities to improve security postures and results. Rather than focusing solely on security from a technology perspective, the survey’s results reveal potential upside associated with understanding users’ behaviors and intent as they interact with critical business data, such as intellectual property.
“For years, the cybersecurity industry has focused primarily on securing technology infrastructure. The challenge with this approach, however, is that infrastructure is ever-changing,” said Matthew P. Moynahan, chief executive officer at Forcepoint. “By understanding how, where and why people touch data, businesses will be able to focus their investments and more effectively prioritize cybersecurity initiatives.”
Key findings presented in the report include:
Data Sprawl and Eroding “Network” Boundaries: Corporate networks are no longer tightly controlled entities with clear boundaries. The definition of a corporate network must be reconsidered given the expansive nature of applications, systems and infrastructure connected to critical business data. For example, respondents reported a variety of systems with limited corporate control are used in the context of critical business data, such as private cloud services (49 percent), BYOD laptops or other devices (28 percent), removable media (25 percent) and public cloud services (21 percent).
In addition, the growing use of BYOD and corporate policies allowing social media usage is creating concern. In fact, nearly half of respondents (46 percent) are very or extremely concerned about the co-mingling of personal and business applications on devices such as smart phones.
Losing Visibility of Critical Business Data: Data sprawl is making it more difficult for cybersecurity professionals to maintain visibility into how employees use critical business data across company-owned and employee-owned devices; company approved services (e.g., Microsoft Exchange) and employee services (e.g., Google Drive, Gmail). Only seven percent have extremely good visibility; 58 percent say that have only moderate or slight visibility.
Vulnerabilities at the Intersection of People & Content: There are many points where people interact with critical business and data and content, ranging from email to social media to third party cloud applications and more. Email, by far, was gauged to present the greatest threat. In fact, 45 percent of respondent named this as the top risk. Mobile devices and cloud storage were also deemed significant areas of concern.
Respondents were also asked to assess vulnerabilities associated with actions of people, ranging from inadvertent behaviors to criminal intent. Overall, malware caused by phishing, breaches and BYOD contamination, for example, along with inadvertent user behaviors were seen as the number one risk by respondents; each was named to the top spot by 30%.
However, there appears to be agreement on an approach that could serve to bolster security: focusing on the point in which people interact with critical data to better understand behaviors and intent. In fact, 72 percent of respondents – the vast majority – strongly agree or agree that doing so will help prove results and costs associated with cybersecurity investments.
