Despite the persistent threat of security breaches, most businesses aren’t too concerned about unknown security risks, research shows.
A new study by Dell revealed that although security breaches cost U.S. organizations an estimated $25.8 billion annually, many companies fail to effectively recognize and prioritize the next big wave of risk to IT security from unknown threats.
The research shows the majority of IT leaders around the world say they don’t view unknown security threats stemming from trends and technologies like BYOD (bring your own device), mobility, cloud computing and Internet usage as top security concerns. Therefore, these companies aren’t coming up with ways to find and address these potential threats.
Specifically, only 37 percent of the IT leaders surveyed ranked unknown threats as a security issue they will worry about in the next five years.
“All threats expose an organization to significant risk, but unknown threats, particularly, are silent predators that can have profound and catastrophic implications on performance and continuity,” said Stacy Duncan, vice president of IT for DavCo Restaurants, an operator of more than 150 restaurants.
The study discovered that epidemic threats come from all perimeters, both inside and outside the organization. They are often hidden in poorly configured settings or permissions, as well as in ineffective data governance, access management and usage policies. Those surveyed believe it will take a collective effort to effectively protect themselves from new and unknown risks.
Eighty-five percent of the U.S. IT leaders surveyed said that organizations will need to restructure and reorganize their IT processes, as well as collaborate more with other departments to stay ahead of the next security threat.
Nearly a quarter of survey respondents highlighted BYOD as the root cause of a breach. For instance, when employees are allowed to use their own personal devices to access confidential company information, critical data can be exposed. Overall, 57 percent of survey respondents ranked the increased use of mobile devices as a top security concern in the next five years.
With that in mind, 44 percent of those surveyed said instituting policies for BYOD security is critical for preventing security breaches.
Cloud security is also a top concern for IT leaders. More than 20 percent of those surveyed said cloud apps or service usage were the root cause of their security breaches.
“Although cloud [technology] presents massive opportunities for corporate IT in terms of cost savings, security issues are rising to the forefront,” said Mary Hobson, director of eResearch South Australia, which enables discovery, innovation and collaboration by providing eResearch facilities, services, training and expertise.
While they might not be focused on unknown threats specifically, most businesses are increasing their IT security efforts. Nearly 70 percent of those surveyed have increased funds spent on employee security education and training in the past 12 months, and 50 percent believe security training for both new and current employees is a priority.
The study was based on surveys of 1,400 IT decision makers from organizations based in the United States, Canada, the United Kingdom, France, Germany, Italy, Spain, India, Australia and China.