Despite major breaches at iconic organizations such as Sony and the U.S. Office of Personnel Management making headlines, businesses are still woefully unprepared for a data breach, according to a survey of more than 400 IT decision-makers (ITDMs) in the United States and the United Kingdom.
The question of who has access to data is also cause for considerable alarm, with 59 percent of U.S. ITDMs and 34 percent of U.K. ITDMs reporting sharing access credentials with other employees at least somewhat often.
Another 52 percent of US ITDMs and 32 percent of U.K. decision-makers sharing access at least somewhat often with contractors.
Among ITDMs who grant access to contractors, 82 percent in the United States and 68 percent in the United Kingdom say it would be at least somewhat easy for those contractors to gain access to their company’s digital assets, and 53 percent of U.S. respondents and 32 percent of U.K. respondents say it would be at least somewhat easy for a former employee to still log in and access data.
"I think there are two reasons businesses are still lax when it comes to date access. The first is that with the consumerization of IT and the growth of cloud and mobile, most businesses really do not have a solid handle on what IT assets they have any more," Tom Kemp, CEO of Centrify, told eWEEK. "This is commonly referred to as shadow IT. So, the IT organization can’t provide the same level of security policies to apps they don’t know are deployed nor can they apply policies to personally owned devices that are being used to access work-related data and apps."
Kemp noted, moreover, that as more IT assets move outside the corporate perimeter, the problem of controlling data access becomes harder, so organizations need to get their arms around shadow IT sooner instead of later.
In addition, half of all IT decision-makers say it can take up to a week or more to remove access to sensitive systems.
The survey also found that 55 percent of U.S. ITDMs and 45 percent of their U.K. counterparts say their organizations have suffered a security breach in the past, which have cost the companies involved millions of dollars in damages.
Three quarters of U.S. decision-makers and more than half of U.K. ITDMs agree that their organizations need to do a better job of monitoring who has access to their data.
"Unfortunately, I think data breaches are only going to get worse. The increasing sophistication of hackers and the constant bombardment will find weak links," Kemp said. "At the heart of almost all these breaches are compromised credentials, so until we finally ditch the password for something more secure, these problems will continue to fester."