Nearly 80 percent of cyber-professionals say enterprises must understand the behaviours of people as they interact with intellectual property (IP) and other critical business data, but only 32 percent are able to do so effectively.
A new study by Forcepoint reveals that cyber-security pros are not satisfied with technology investments, while data sprawl and eroding network boundaries makes security more difficult.
The research included responses from more than 1250 cyber-security professionals worldwide across a range of industries.
Only four percent of respondents are extremely satisfied with their cyber-security investments and only 13 percent strongly agree that more cyber-security tools will improve security.
Twenty-eight percent said critical business data and IP may be found in BYOD devices, 25 percent said in removable media and 21 percent said public cloud services. Nearly half (46 percent) are very or extremely concerned about the co-mingling of personal and business applications on devices such as smartphones.
Only seven percent have extremely good visibility into how employees use critical business data across company-owned and employee-owned devices; company approved services (such as Microsoft Exchange) and consumer services (such as Google Drive and Gmail).
When it comes to people interacting with critical business data and IP, email was ranked the greatest threat (46 percent). Mobile devices and cloud storage were also deemed significant areas of concern.
Malware caused by phishing, breaches and BYOD contamination, along with inadvertent user behaviours were seen as the top risks (30 percent each).
Seventy-two percent strongly agree or agree that security could be improved by focusing on the point in which people interact with critical data to better understand behaviours and intent.
“For years, the cyber-security industry has focused primarily on securing technology infrastructures. The challenge with this approach, however, is that today's infrastructures are ever-changing in composition, access and ownership By understanding how, where and why people touch confidential data and IP, businesses will be able to focus their investments and more effectively prioritise cyber-security initiatives,” said Matthew P. Moynahan, CEO at Forcepoint.