Global cybersecurity leader Forcepoint™ has released a new study – “The Human Point: An Intersection of Behaviors, Intent & Critical Business Data.” The study showed that, while an overwhelming majority of respondents – 80 percent – believe it’s important to understand the behaviors of people as they interact with intellectual property (IP) and other critical business data, only 32 percent are able to do so effectively. Further, 78 percent believe understanding user intent is important, yet only 28 percent of those surveyed currently have this capability.
The study surveyed more than 1,250 cybersecurity professionals worldwide across a range of industries, including financial services, oil and gas, and healthcare.
The study shows that cybersecurity professionals are dissatisfied with technology investments, while data sprawl and eroding network boundaries makes security more difficult. However, the survey reveals the potential upside associated with understanding users’ behaviors and intent as they interact with IP and other data underpinning corporate value.
“For years, the cybersecurity industry has focused primarily on securing technology infrastructures. The challenge with this approach, however, is that today’s infrastructures are ever-changing in composition, access and ownership,” said Matthew P. Moynahan, chief executive officer at Forcepoint. “By understanding how, where and why people touch confidential data and IP, businesses will be able to focus their investments and more effectively prioritize cybersecurity initiatives.”
Key findings include:
·Investing in Cybersecurity Tools: Only four percent of cybersecurity professionals are extremely satisfied with cybersecurity investments they’ve made; only 13 percent strongly agree that more cybersecurity tools will improve security
·Data Sprawland Eroding Network Boundaries: Corporate networks are no longer tightly controlled entities, as data sprawls across a range of systems and devices.
o28 percent said critical business data and IP may be found in BYOD devices; 25 percent said removable media; 21 percent said public cloud services.
o46 percent are very or extremely concerned about the co-mingling of personal and business applications on devices such as smartphones.
oOnly seven percent have extremely good visibility into how employees use critical business data across company-owned and employee-owned devices; company approved services (e.g., Microsoft Exchange) and consumer services (e.g., Google Drive, Gmail).
·Vulnerabilities at the Intersection of People & Content: There are many points where people interact with critical business data and IP, ranging from email to social media to third party cloud applications and more.
oEmail was ranked the greatest threat (46 percent); mobile devices and cloud storage were also deemed significant areas of concern.
oMalware caused by phishing, breaches and BYOD contamination, along with inadvertent user behaviors were seen as the top risks (30 percent each)
·Understanding Behaviors and Intent:
o80 percent believe it’s very or extremely important to understand the behaviors of people as they interact with IP and other data, but only 32 percent are able to do so very or extremely effectively.
o78 percent believe understanding intent is very or extremely important, but only 28 percent are able to do so very or extremely effectively.
o72 percent strongly agree or agree that security could be improved by focusing on the point in which people interact with critical data to better understand behaviors and intent.