Corporate boardrooms are all talking about cyber security and risk – but they may be overlooking the obvious. A report just out reveals that 71% of employees in a new survey say that they have access to data they should not see, and more than half say this access is “frequent” or “very frequent.”
Corporate Data: A Protected Asset or a Ticking Time Bomb? , a report based on a survey commissioned by Varonis Systems Inc and conducted by the Ponemon Institute, is derived from over 2,000 interviews conducted in October 2014 with employees in the US, UK, France and Germany. Respondents range from IT practitioners to ends users in all sizes of organisation and cover industries including financial services, health and pharmaceutical, retail, industrial, technology and software – as well as the public sector.
“This research surfaces an important factor that is often overlooked: employees commonly have too much access to data, beyond what they need to do their jobs, and when that access is not tracked or audited, an attack that gains access to employee accounts can have devastating consequences” says Dr Larry Ponemon, chairman and founder of The Ponemon Institute, a research center focusing on privacy, data protection and information security policy.
In interesting revelations for those dictating corporate policy, only 22% of employees surveyed believe their organisations as a whole place a very high priority on the protection of company data. Less than half believe their companies strictly enforce security policies related to use of and access to company data.
As if this were not bad enough in a world of daily corporate data breaches in the glare of public spotlight, the report finds that “the proliferation of business data is already negatively impacting productivity – making it harder for employees to find data that they truly need and should be able to access, and to share appropriate data with customers, vendors and business partners.”
Everyone, it seems, is quite literally drowning in information while simultaneously not being able to access what they urgently need in order to be productive. While 73% of end-users believe the growth of emails, presentations, multimedia files and other types of company data has “very significantly or significantly affected their ability to find and access data”, some 43% say it can take weeks, months or even longer to be granted access to data they need to do their jobs.
A lack of control and the oversight of corporate data are serious risk issues for the boardroom, not IT issues. They are also not going to go away.
Today Control Risks, the global business risk consultancy, publishes its 2015 Risk Map, which highlights the most significant underlying trends in global risk and security, and provides a detailed view from the markets that will matter most in 2015. Its report should provide sobering reading.
“2015 will be a difficult year for business as the lines between what have always been considered ‘safe’ and ‘risky’ opportunities blur. Opportunities will continue to abound for ambitious international companies. But uncertain economics and volatile politics will make 2015 more than usually challenging” it says.
“The US and Europe will exercise waning international influence and leaders will continue to focus on national issues and politics. Business culture and practices of multinational companies will meet resistance from the emerging powers and their powerful supply chains. National governments will find it more difficult to protect their companies from this” says Richard Fenning, CEO, Control Risks.
Mr Fenning adds: “Increasing technological sophistication and weak state power will combine to render the threat from cyber-attack, kidnap and terrorism more severe. How one deals with the inevitable attack, as opposed to how one stops it, will become the key question.”