The 5 Biggest Mistakes Enterprises Make on their Way to Cyber Security
Companies, both large and small, face wide range of security issues. Yet, it’s the data breaches involving large enterprises that receive far more media coverage and lead to more damaging consequences, like huge financial losses and lasting reputation damage. Adversaries tend to take advantage of complicated infrastructures of large companies; with hundreds of employees continuously making changes to IT systems and sensitive data. It’s difficult to keep all these activities under control, which makes enterprises more vulnerable to various forms of cyber threats.
Any mistake can result in costly consequences. But there are five mistakes that are the most prevalent, and yet perhaps the easiest to avoid. This findings were revealed in the Netwrix 2015 State of IT Changes Survey that involved more than 700 IT professionals from over 40 industries worldwide. The data in this survey also shows that companies would be wise to apply a security policy that will help avoid the following:
- Overlooking critical changes. The inability to keep track of events happening across IT environment leaves enterprises open to security risks. Unfortunately, the number of large enterprises that make changes without documentation has increased by more than 20% since 2014, and reached 66% in 2015. The survey also revealed that undocumented changes are made with alarming frequency: 17% – daily, 39% – weekly, 37% – monthly.
- Ignoring the workflows. Despite widely adopted change management controls, enterprises continue to ignore the workflows and make undocumented changes that affect system availability and data integrity. In fact, 33% of changes made by enterprises in 2015 resulted in security breaches, compared to 17% last year. In terms of system downtime, large enterprises turn to be the worst offenders, as 73% of enterprises regularly make changes that interrupt sustainability of business processes, in comparison to 69% in 2014.
- Using outdated methods to audit changes. Although enterprises are as constrained in budget as small businesses are, 35% of them are not using their human capital efficiently and prefer to monitor event logs manually rather than automate this activity. As a result, IT teams are flooded with numerous report requests, are not able to perform their routine tasks efficiently. This increases their risk of overlooking the malicious activity that may indicate a data breach.
- Trusting the trusted. Having a large IT staff is essential to manage and support vast and complicated enterprise IT infrastructures. However, the larger the team, the more difficult it is to keep tabs on what each privileged user is doing. The survey revealed that 23% of IT teams with more than ten people made changes that later resulted in security breaches in 2015. Even the smallest employee mistakes or misbehavior could compromise sensitive data.
- Making the same mistakes. The number of massive data breaches affecting large companies is growing and one can assume that enterprises learn their lessons and do their best to become more security conscious. Now everyone agrees that change documentation has become a cornerstone to any cybersecurity program. Surprisingly, the survey showed that enterprises turned out to be even more lax about documenting changes than expected. 22% of IT teams consisting of more than 10 IT pros regularly forget to document changes that are made every day, which is almost twice as much compared to the results of 2014.
Every day enterprises deal with thousands of changes that can potentially compromise their security or interrupt business continuity. No matter what security mechanisms enterprises have, practice shows that all of them are useless if employees systematically violate internal security policies. Even the most trusted employees from time to time make mistakes and overlook critical changes, which can negate the effect of security efforts. Therefore, it is essential to establish rigorous control over privileged user activities and enable complete visibility into what is going on across the entire IT infrastructure.
By Michael Fimin
You may also be interested in:
- The Top 10 Short-Haul And Long-Haul holiday Airlines In The World While there's no magic formula for determining the best airline in the world. However, the well-known travel magazine Conde Nast Traveller has named British Airways, the world's best […] Posted in Leadership
- From Good to Great: Study Shows Communication is Crucial for CEOs Over the past decade, CEO communication has evolved from a convenient skill to a critical business asset.According to a new study from Domo and CEO.com, A 360 Degree View of the CEO, […] Posted in Rankings
- You can now automatically back up VMware vCloud with Acronis I honestly can't remember the last time I found such a useful tool. Acronis, a leading provider of physical, virtual, and cloud backup solutions, has launched a tool to automatically back […] Posted in Leadership
- Top 13 Highest-Earning Dead Celebrities In The World: 2014 List The Prince Of Pop Michael Jackson tops highest-earning dead celebrities in the world list of 2014 by Forbes magazine, with an estimated $140 million in earnings over the last 12 […] Posted in Rankings
- The Top 10 Sexiest Sports Cars Ever Made Recently we asked our readers to complete a simple survey and to help us choose the top 10 sexiest sports cars ever made, from the 1950s to today. Based on feedback from 132,538 of […] Posted in Rankings
- Which are the 25 top business schools across Europe: FT’s ranking of 2015? For the second straight year, London Business School (LBS) has claimed first place in the FT's European business school ranking 2015, followed by HEC Paris and Insead in third, while […] Posted in Perspective