As the volume of data generated within the enterprise workflow grows bigger each and every day, adopting a future-proof approach to information security will be increasingly imperative – and even more challenging. Much talk has arisen about the cloud and mobile devices, and their requisite applications, being a growing threat vector. But new survey results suggest that when it comes to protecting companies’ IT infrastructure, it is in fact people who present the biggest security problem.
A research report commissioned by Infosecurity Europe, “Information security: From business barrier to business enabler,” found that more than one in four (26.2%) respondents believe that ignorance among end-users on the importance of protecting corporate data presents the principal challenge.
That was followed by the scourge of legacy IT systems (16.2%), a lack of executive sponsorship for policies (14.3%) and end-users refusing to comply with policies (13.9%).
In a bright spot, one-third of all information security professionals (37%) went on to say they are confident in their ability to overcome the challenges of protecting legacy systems. But an even larger proportion, 58.9%, said they felt that information security wasn’t being incorporated into overall IT strategies to prevent future weaknesses being built into existing infrastructures.
All of these factors continue to put sensitive data at risk, and the IT professionals surveyed did express an urgent need for organizations to take potential threats more seriously. However, even as business executives begin to understand the importance of information security as a deeper strategic imperative than it has been in the past, 47.4% of respondents agreed that the industry has a short-term approach to information security strategies, lurching from one threat scenario to another, rather than adopting a long-term approach.