Much progress has been made in recent years bridging the divide between business and IT silos, with chief information officers finding new roles in everything from compliance management to strategic development. But a new report from threat mitigation specialist Cryptzone suggests that this goodwill continues to be compromised by the actions of negligent or arrogant executives who believe their digital actions are beyond reproach.
In a survey of 300 IT security professionals, Cryptzone researchers discovered that the most significant opposition to data protection policies was oftentimes sitting in the boardroom. In fact, more than 40 percent of respondents charged company executives with "frequently ignoring them." This perception also led more than half of technology administrators to suggest business directors assume that the rules do not apply to them.
A disconnect between IT departments and company colleagues can easily be a recipe for disaster, but the phenomena uncovered by Cryptzone are all the more concerning in light of the network privileges available to C-level executives. The most telling statistic of all was that 52 percent of respondents agreed that directors had access to the most sensitive corporate information yet the weakest understanding of data security principles.
"There's a saying 'do as I say, not as I do' and this study would appear to demonstrate that it resonates in the executive corridor of far too many organizations today," Cryptzone senior vice president Dominic Saunders explained. "However, there's also a phrase 'united we stand, divided we fall' and that's what each person who doesn't toe the security line is potentially exposing their company to."
While blame could be cast in any number of directions, IT must be the one to carry the torch for improved data security awareness. One of the key impediments to progress, however, is the assumption that all employees can and should be treated the same.
According to Saunders, two-thirds of companies provide the same standardized IT security training modules to every worker. In reality, this democratization results in wasted money and inconsistent results. By establishing a more individualistic approach, companies can make sure they aren't wasting resources retraining knowledgeable, compliant employees and can instead put that time and money toward an educational experience aligned with privilege levels.
At the end of the day, even the best policy needs to be reinforced with the proper data protection technologies. While actively engaging all departments is a noble goal, IT is also responsible for implementing failsafe solutions to ensure there is no loophole or workaround that can grant unauthorized access to sensitive company assets.
Security News from SimplySecurity.com by Trend Micro