Forcepoint research shows understanding people's behaviours and intent critical to future of cybersecurity - but significant gaps exist
Nearly 80% of cyber professionals say enterprises must understand behaviours and intent as people interact with critical data and IP; today, less than a third are able to do so effectively.
Global cybersecurity leader Forcepoint today released a new study - "The Human Point: An Intersection of Behaviors, Intent & Critical Business Data." The study showed that, while an overwhelming majority of respondents - 80% - believe it's important to understand the behaviours of people as they interact with intellectual property (IP) and other critical business data, only 32% are able to do so effectively. Further, 78% believe understanding user intent is important, yet only 28% of those surveyed currently have this capability.
The study surveyed more than 1 250 cybersecurity professionals worldwide across a range of industries, including financial services, oil and gas, and healthcare.
The study shows that cyber security professionals are dissatisfied with technology investments, while data sprawl and eroding network boundaries makes security more difficult. However, the survey reveals the potential upside associated with understanding users' behaviours and intent as they interact with IP and other data underpinning corporate value.
"For years, the cybersecurity industry has focused primarily on securing technology infrastructures. The challenge with this approach, however, is that today's infrastructures are ever-changing in composition, access and ownership," said Matthew P Moynahan, chief executive officer at Forcepoint. "By understanding how, where and why people touch confidential data and IP, businesses will be able to focus their investments and more effectively prioritise cybersecurity initiatives."
Key findings include:
Investing in Cybersecurity Tools: Only 4% of cybersecurity professionals are extremely satisfied with cybersecurity investments they've made; only 13% strongly agree that more cybersecurity tools will improve security
Data Sprawl and Eroding Network Boundaries: Corporate networks are no longer tightly controlled entities, as data sprawls across a range of systems and devices.
Twenty-eight percent said critical business data and IP may be found in BYOD devices; 25% said removable media; 21% said public cloud services.
Forty-six percent are very or extremely concerned about the co-mingling of personal and business applications on devices such as smartphones.
Only 7% have extremely good visibility into how employees use critical business data across company-owned and employee-owned devices; company approved services (e.g., Microsoft Exchange) and consumer services (e.g., Google Drive, Gmail).
Vulnerabilities at the Intersection of People and Content: There are many points where people interact with critical business data and IP, ranging from e-mail to social media to third party cloud applications and more.
E-mail was ranked the greatest threat (46%); mobile devices and cloud storage were also deemed significant areas of concern.
Malware caused by phishing, breaches and BYOD contamination, along with inadvertent user behaviours were seen as the top risks (30% each)
Understanding Behaviors and Intent:
Eighty percent believe it's very or extremely important to understand the behaviours of people as they interact with IP and other data, but only 32% are able to do so very or extremely effectively.
Seventy-eight percent believe understanding intent is very or extremely important, but only 28% are able to do so very or extremely effectively.
Seventy-two percent strongly agree or agree that security could be improved by focusing on the point in which people interact with critical data to better understand behaviours and intent.
More information on this research report, including methodology, demographics and key industry highlights, may be found at www.thehumanpoint.com.