CEOs Are Biggest Perpetrators of Shadow IT
About 63% of CEOs say that losing corporate data would destroy their business. But, awareness of the risk is doing little to change adherence to proper security practices.
Despite the known risks facing organizations today, such as data breaches, business decision makers (BDMs) and CEOs are putting critical data at jeopardy. According to Code42’s CTRL-Z study, three quarters (75%) of CEOs and more than half (52%) of BDMs admit that they use applications/programs that are not approved by their IT department.
This is despite 91% of CEOs and 83% of BDMs acknowledging that their behaviors could be considered a security risk to their organization.
The report also uncovers that reputation is at risk due to a heightened focus on productivity over data security—and there is added pressure on ITDMs to help the enterprise rapidly recover from a breach, if it hopes to minimize a hit to reputation and ensure customer loyalty.
Digging deeper, the vast majority (80%) of CEOs and 65% of BDMs say they use unauthorized applications/programs to ensure productivity. However, half of ITDMs (50%) say that their ability to protect corporate and customer data is vital to their company’s brand and reputation—a sentiment that is shared by 50% of CEOs and 61% of CIOs.
This balancing act is compounded by the fact that IT decision makers (ITDMs) say that half of all corporate data in the enterprise is held on laptops and desktops, instead of in the data center or centralized servers. In the US, this rises to as much as 60%. The majority of ITDMs do have laptop (86%) and server backup (95%) in place. However, at least 13% and 8%, respectively, have not tested their laptop or server backup programs.
“Modern enterprises are fighting an internal battle between the need for productivity and the need for security—both of which are being scrutinized all the way to the CEO,” said Rick Orloff, VP and CSO at Code42. “By using unauthorized programs and applications, business leadership is challenging the very security strategies they demanded be put in place. This makes it clear that a prevention-based approach to security is not sufficient; recovery must be at the core of your strategy.”
While 66% of BDMs and 66% of ITDMs agree that it will be up to CIO/CISOs to help their businesses adapt to the realities of the new threatscape in 2017, these figures also suggest there’s an opportunity for change. The question remains that, if it’s not the CIO or CISO, then who should take leadership on this front? Globally 88% of enterprise ITDMs and 83% of BDMs believe that their companies will have to improve their breach remediation in the next 12 months—especially given that 48% of enterprises revealed that they have been breached in the last twelve months.
“The CTRL-Z Study brings a new perspective to my own experience in advising enterprises globally. When it comes to business success it is all down to productivity and agility,” Orloff said. “Security in the modern enterprise is no different. Your strategy has to be built on three key pillars. First, you have to be able to spot risk sooner. Gaining visibility over where your data is, how it moves and who accesses it could act as an early warning system to alert you to both inside and external threats. Second, the enterprise as a whole always needs to be able to bounce back quickly and efficiently. Should a breach occur, your internal teams and the backup solutions you have in place need to be tested and ready to face the activity without it looking like a fire drill. Finally, if your business is to remain competitive, it needs to be able to recover quickly. Time is money, and in in the modern enterprise, so is data.”
Source: Information Security Magazine