Survey: Maintaining Cybersecurity Balance is a Challenge
A survey of 1,007 IT decision-makers at small-to-medium enterprises (SMEs) found two-thirds of respondents (66%) conceded that adding security measures resulted in more cumbersome user experiences. The survey polled SMEs in the U.S. and United Kingdom and was conducted by JumpCloud, a provider of IT management tools.
Despite that issue, however, most respondents (56%) said their organizations now employ biometrics for employee authentication. In fact, biometrics was also simultaneously ranked as the most secure form of multifactor authentication (MFA) by 34% of respondents and the hardest to implement (38%).
Tom Bridge, a principal product manager for JumpCloud, said the survey results suggested cybersecurity teams are making progress toward striking a balance between the need for greater security and the natural aversion end users have toward any technology that is perceived to add friction to their work experience.
Overall, the survey found well over half of the respondents (59%) viewed security as their number-one challenge, followed by device management (48%) and migrating all workers to fully or partially remote (48%) computing services.
The three biggest security concerns are network attacks (40%), ransomware (31%) and software vulnerability exploits (31%).
Those concerns appeared to be having a positive impact on patch management, noted Bridge. More than three-quarters of respondents (78%) said they are confident in their organization’s patch management strategy in terms of their ability to protect against known vulnerabilities. A full 60% said they are applying patches within seven days. Well over a third (36%) said they deploy patches as soon as possible. Nearly half (47%) also noted they use a security staff member dedicated to identifying vulnerabilities and performing fixes to manage patches, with 47% reporting they schedule patches around vendor release dates. A total of 39% said it’s the user’s responsibility to apply those patches.
Just over a third of respondents (34%) said they also now use single sign-on tools across their entire organization, while another 36% said it is employed for a limited number of applications and devices.
The survey also found there is a lot of interest in shifting away from passwords, with 63% making passwordless authentication a priority. However, 53.6% agreed that passwordless authentication is more of an industry buzzword than it is an IT priority. In fact, one-time passwords (OTP) will also likely remain in use because they are easiest to deploy (38%) and easiest for users (37%).
Bridge said the conundrum cybersecurity teams always encounter is that most organizations still have no tolerance for security measures that disrupt workflow processes. Bridge said despite that challenge, however, it’s clear progress is being made. More security teams, for example, are not waiting for a developer to deploy a security patch when they have tools to automatically deploy those patches themselves, he noted.
Security teams are also working more closely with IT operations teams to address cybersecurity issues, added Bridge. It’s become apparent that the best way to make up for the chronic shortage of cybersecurity expertise is to enlist the aid of IT operations personnel to take on more security tasks, he added.
Finally, Bridge said, as the economy becomes more volatile many cybersecurity teams will be looking to consolidate platforms. After all, what was once a platform is now a feature of yet another larger platform that delivers the same capability more affordably, he noted.
Arguably, there has never been a more dynamic time in terms of the ongoing evolution of cybersecurity. The issue, as always, is determining when and where to place the right bets based on what end users will ultimately tolerate.
