How consumers influence data loss and breaches

Cisco announced the results of a survey exploring the security implications of social networking and the use of personal devices in the enterprise. One of the most striking findings was that employees are consistently working around information technology security policies to use unsupported devices and applications.

Another significant finding: 71 percent of the survey respondents said that overly strict security policies have a negative impact on hiring and retaining employees under age 30.

The survey polled 500 IT security professionals across the United States, Germany, Japan, China and India. The results illustrate that the consumer influence on enterprise IT is growing and that more employees are bringing personal devices and applications into the network, presenting new business opportunities and security challenges.

The survey explores the changing enterprise security landscape due to the evolving requirements of today’s borderless networks, the benefits and drawbacks of accommodating an increasingly mobile workforce, and the challenges of protecting sensitive and proprietary data.

Highlights

• More than half of the survey respondents have determined that their employees use unsupported applications.
• Nearly half (41 percent) of the respondents have determined that employees have been using unsupported devices, and more than one-third of that number said they have had a breach or loss of information due to unsupported network devices.
• Despite these trends, about half (53 percent) of the IT respondents said they are likely to allow personal devices on the network in the next 12 months and 7 percent already support personal devices.
• More than half (51 percent) listed “social networking” as one of the top three biggest security risks to their organization, while one in five (19 percent) considers it the highest risk.
• Social networking tools are a beneficial tool for many parts of organizations.
• Nearly three out of four survey respondents said that overly strict security policies have a moderate or significant negative impact on hiring and retaining employees under age 30.

Fred Kost, director, security solutions, Cisco, said: “As the lines between personal and business computing increasingly blur, it is becoming clear that employees are going to use social networking and personal devices whether permitted or not. The best strategic approach is to focus less on restricting usage and more on effective solutions to ensure highly secure, responsible use. These solutions involve more than technology. Organizations should develop education programs, corporate policies and best practices in order to realize the extensive business benefits of social networking while protecting against the variety of potential threats that it can present.”