sb-as logo
Story image

74% of CISOs say cybersecurity hinders productivity & innovation

23 Oct 2017

The need for comprehensive cybersecurity is ever increasing with the rise of malicious cybercrime – but it’s coming at a cost.

Bromium released the findings of an independent survey conducted by Vanson Bourne of 500 CISOs from large enterprises in the US (200), UK (200) and Germany (100),

The main finding?  IT security is hindering productivity and innovation across enterprises, as most security teams utilise a ‘prohibition approach’ where they restrict user access to websites and applications – a tactic which is creating major frustration for users.  

A whopping 88 percent of enterprises prohibit users from using websites and applications due to security concerns, while 94 percent are investing in web proxy services to restrict what users can and can’t access.

Unsurprisingly, these restrictions do come with implications as 74 percent of CISOs said users have expressed frustration that security is preventing them from doing their job and 81 percent said that users see security as a hurdle to innovation.

As a result, IT help desks are spending an average of 572 hours a year responding to user requests and complaints regarding access to websites.

This mounting frustration has caused an uneasy relationship between IT, security and the user, with 77 percent of CISOs saying they feel stuck in a ‘catch-22’ where they’re caught between letting people work freely and keeping the enterprise safe.

A further 71 percent said that they are being made to feel like the bad guys, because they have to say ‘no’ to users requesting access to restricted content.

“At a time when competition is fierce, the risk of falling behind and being less productive is as big a risk to an enterprise as cyberattacks. Security has to enable innovation by design, not act as a barrier to progress,” says Ian Pratt, president and co-founder of Bromium.

“Sadly, traditional approaches to security are leading to frustrated users, unhappy CISOs and strained relationships between workers and IT departments – all of which stifles business development, innovation and growth. This is unacceptable in a world where time to market is a vital driver for business success. We need to put an end to this catch-22 between security, productivity and innovation – things need to change.” 

Bromium asserts this ongoing problem suggest enterprises need a new approach to security.

“The way security works today is broken. It is unacceptable that end users are making help desk requests just to download documents and access websites they need to do their job,” Pratt says.

“It is also unfair that IT and security are seen as the enemy when they are simply trying to keep the organisation safe. But it doesn’t need to be this way. There is a way to let end users click with confidence while keeping the organization safe. It’s called application isolation.”

Pratt says application isolation puts the activities activities most often targeted by cybercriminals – downloading files, using applications, browsing the internet – into micro virtual machines, which protects the network because when these activities are initiated malware is trapped inside the container.

“This new approach to security transforms the relationship between the user and IT,” Pratt says.

”Now, instead of users calling IT to say there is a problem, they call to say they trapped some malware. Security teams congratulate the end user and then have the opportunity to extract and analyse the malware. This allows users, IT and security to work together to gather threat intelligence that protects the business at large.”

Story image
IT professionals destroying end-of-life hardware over fears of data breaches - report
IT directors are destroying end of life tech hardware as opposed to erasing its data out of fear of making a mistake and facing data breaches.More
Story image
Huawei: Corporates must focus on data minimisation and business continuity to mitigate data security challenges
"From a long-term sustainable point of view, organisations will need to adopt data minimisation and privacy by design and default."More
Story image
APAC secure content management market to hit $2.2 billion by 2024
The proliferation of cloud-based deployments will largely drive this, the report says, as the COVID-19 pandemic motivates more enterprises to move their workloads to the cloud and rely more on the internet. More
Story image
22 billion records exposed from breaches in 2020 — report
The research also found that 35% of the breaches recorded by Tenable were caused by ransomware attacks, while 14% of breaches stemmed from email compromises.More
Story image
Kaspersky steps in to protect automotive industry from cyber threats
The company’s TI report, previously available for a selected range of customers, is able to provide car manufacturers with in-depth analysis of industry-specific security threats.More
Story image
Microsoft top targeted brand by cyber criminals in Q4 2020
In Q4, 43% of all brand phishing attempts related to Microsoft (up from 19% in Q3), as threat actors continued to try to capitalise on people working remotely during the COVID-19 pandemic’s second wave. More