Security teams reveal that the majority of workers would
rather just get their work done than worry about security.
An overwhelming majority of workers are putting the security of their entire business at risk by preferring productivity over safety, new research has claimed.
A survey by security firm Bromium found that most security professionals are often asked to make exceptions to their work that would put companies at risk.
Worryingly, nearly two-thirds (64 per cent) of security workers surveyed at the recent Infosecurity Europe 2017 event in London said that they had modified protocols in the workplace to allow employees more freedom to get their work done because of a request from leadership. 40 per cent also admitted to turning security off to accommodate a request from another part of the organisation.
Overall, 94 per cent of those surveyed said that users are more concerned with getting their jobs done than worrying about security.
This clash also appears to boil over into issues concerning security education. Nearly half (42 per cent) of the security professionals surveyed said that although their end users are educated about how to prevent data breaches, it is their behaviour that is often the cause of a breach.
“While it isn’t a shock that users prioritise productivity and convenience over security, we’ve always assumed that IT security teams set the agenda when it comes to protecting IP, customer data and the network. But the results from this survey make it clear they are often overruled and executive leadership may not be aware given these competing priorities,” said Bromium co-founder, Ian Pratt.
“This should not be the case. Security teams shouldn’t be put in this position. Security is in place to protect an organisation’s most valuable assets. Having to negotiate over when it is applied puts a company at significant risk.”
“Security should be invisible, not an obstacle. But so much of today’s security technology inhibits productivity and hinders innovation. Putting the onus on employees simply doesn’t work – they should be able to click with confidence. An organisation’s greatest assets are its intellectual property and its employees. The idea that business leaders are being forced to choose between productivity and security is frankly ridiculous. We need to do better as a community of security vendors.”