Despite the growing sophistication of threats and increase compliance requirements, a high percentage of organizations are continuing to compromise their security.
A high percentage of organizations are exposed to avoidable cyber-risk because of a persisting tendency to put business interests ahead of safety, a new study by Tanium shows.
The security vendor surveyed some 500 CIOs and CISOs from companies with more than 1,000 employees about the challenges and trade-offs they face in protecting their organizations against cyberthreats.
Almost all respondents (94%) admitted to making security compromises to accommodate business priorities. Eighty-one percent, for instance, said they had on at least one occasion delayed deploying a critical security update or patch because of concerns over the potential impact to business operations. Fifty-two percent admitted to doing so on more than one occasion.
“Another common area of compromise is network segmentation,” says Ryan Kazanciyan, chief technology officer at Tanium. Security practitioners often want micro-segmentation and strict device isolation to contain breach fallout, while endpoint and network teams tend to fall back to overly permissive architectures.
“As a result, the blast radius of many breaches – such as those that entail self-propagating malware – is much larger than it should be,” Kazanciyan says.
A relentless pressure to keep the lights on is the most common reason security teams make these compromises: One-third of the respondents in the Tanium survey cited this when asked to describe why they sometimes held back on needed security measures.
In addition, 31% said a focus on implementing new business systems often took precedence over protecting existing ones, and 26% said the presence of legacy systems in the environment restricted their security capabilities. Nearly one in four (23%) of respondents described internal politics as one reason why they are forced to make security compromises.
Uninterrupted operations and time-to-market considerations have almost always taken precedence …
Author: Jai Vijayan Freelance writer