A survey conducted by Pulse and Hitachi ID throughout September asked 100 IT and security executives what modifications they’re making to their cybersecurity infrastructure, how those changes are able to better handle cyberattacks, and how politics plays a role in their strategy.
99% of the respondents said that at least some part of their security initiatives includes a move to SaaS. Some 36% said that more than half of their efforts involve this type of move.
Multi-factor authentication has been started by 82% of those surveyed, single sign-on by 80%, identity access management by 74% and privileged access management by 60%. Only 47% of the respondents said they’ve executed Zero Trust principles and policies.
Now couple that with the culture of the business. Cultures of blame and fear are causing businesses to lose critical, sensitive data that could have otherwise been saved if employees were comfortable enough to come forward. From Veritas Technologies, 56% of office workers admit to having accidentally deleted files hosted in the cloud. 20% do so multiple times a week. Thirty-five percent of those who admit to accidentally deleting files report lying to cover up what they had done. In 43% of those cases, no one noticed the mistake, meaning that whatever data was lost was never noticed. In 20% of the instances where someone did realize what had happened, the data they had accidentally deleted was irrevocably lost.
When it comes to ransomware, employees are even more likely to lie, or outright never mention an incident in which they had introduced ransomware to their business network: Only 30% said they would notify IT as to what had happened, including their role in it. Twenty-four percent said they would notify IT but leave themselves out of the story, 16% would try to recreate the documents they lost to the ransomware, 11% would log out and pretend nothing happened and 8% said they would do nothing and hope the problem resolved itself.
92% of respondents also have a false belief that cloud providers are able to easily reverse their mistakes.
Why do we care?
I’m not comfortable with the victim blaming implied in some of this data. The responsibility for the culture is on the business, not the employee. Building a culture of trust takes work.
I coupled these two surveys because I think the rollout of these technologies is exactly the time to work on building culture. If you roll out all these tools, but then don’t built the culture of trust preventing victim blaming, there is a lot less effectiveness.
There’s one set of rates to bill for doing just the tech rollouts. There’s an even better set of rates for addressing both.