The results of the recent Financial Times/ICSA Boardroom Bellwether survey highlight a worrying trend in how corporations are tackling evolving security threats, in particular those in the cyber area.
Just 21% of the companies surveyed had assessed their vulnerability to cyber-attack and put necessary provisions in place. The survey raises the question: if a business doesn’t have the infrastructure in place to combat external threats, is it in a position to ensure the security and strength of its corporate digital infrastructure? Managing corporate cyber-security is more than just responding to external hacking attacks.
With every corporate device acting as a potential gateway into a business’s infrastructure, cyber-security provisions must extend beyond the firewall. If an employee is using their own device and it happens to contain malware or unauthorised applications, then this can represent a security vulnerability. The kind of external hacking attacks that the survey discusses are only one of the ways that third parties can gain illegal access to sensitive data. Given that a work-enabled smartphone or tablet has access to as much sensitive data as a desktop PC, a compromised portable device could pose as much of a threat as a successful hacking attack.
With more organisations allowing employees to use their own devices for corporate purposes, the IT department has less control than with corporately owned hardware. IT teams are under mounting pressure to allow the use of privately owned consumer devices, but are faced with the challenge of trying to manage each individual device. Ensuring applications are patched regularly, or that devices aren’t taken outside certain areas or used on public wireless networks, becomes difficult when the operating system and type of hardware vary from user to user.
Successful security policies need to offer a holistic approach, encompassing all potential security risks. These measures have to be able to respond to the threat that each device and end-user presents, and be able to act as soon as a device becomes a security risk. Whether the risk comes from unauthorised applications or from device usage, data security threats don’t stop at cyber-security hacking risks. The challenge for businesses, however, is to give employees the freedom to use their own devices without compromising security and productivity.