- Today organizations are struggling with the best way to protect against attacks that are targeting the endpoint.
- Too often, the security strategy has been to put the onus on the individual employee.
- Research has shown, over and over again, that training and user restrictions are both tedious and expensive, and have a very low success rate.
- This is because cybercriminals are experts at using social engineering to manipulate users into behaving insecurely.
Being a CISO is tough. You’re responsible for the security of your organization’s intellectual property and customer data, and you fight an enemy that can’t be seen or heard. If you’re lucky, you’ve constructed a security stack aimed at preventing a breach, but the reality is that cybercriminals have figured out that your most vulnerable threat surface is the humans who are doing the work in your company. That means your whole job comes down to trusting the people who surf the net, read email and download documents hundreds of times a day. So to cope with this variable, you find yourself locking things down, blacklisting websites and doing regular phishing tests to see who’s not paying attention. You know this comes at the cost of productivity. You know because the organization tells you. Repeatedly. Yet what are you supposed to do? You will lose your job and your reputation if there’s a breach.
Welcome to the CISO’s Dilemma.
We conducted a study with researchers at Vanson Bourne to help us understand what was happening. The sample included 500 CISOs from large enterprises in the US (200), UK (200) and Germany (100). The companies were a combination of 175 enterprises with between 1,000 and 3,000 employees, 175 with 3,000 to 5,000 employees, and 150 with more than 5,000 employees. The study looked at what today’s organizations are doing to prevent endpoint breaches targeting employees, the success of those efforts, and the associated costs that make this whole approach rather frustrating. We will also look at the impact that such measures have on productivity and ultimately the business’s ability to innovate. You can see the highlights from the study below in our infographic.
While the study shows CISOs take a lot of heat from the organization (see related research), there’s good news. There is a different way to protect the endpoint. By allowing employees to work naturally – without restriction – we can still prevent malware from infiltrating the network. This approach has become a competitive advantage for our customers because it allows their employees to focus on innovation, not limitations. Users can ultimately click with confidence, knowing that any breach or attack will be isolated and prevented from entering the network.
Ready to learn more about application isolation and control? Want to put an end to the CISO’s Dilemma? Contact us for a demo and we can put our solution to work for you.
*** This is a Security Bloggers Network syndicated blog from Bromium authored by Jennifer Carole. Read the original post at: http://blogs.bromium.com/cybersecurity-vs-productivity-the-cisos-dilemma/