Insider threats are the greatest concern for businesses and permitting employees to connect their own devices to the network increases the risk of security breaches, according to a survey of 179 information security and network operations professionals conducted by network security policy management specialist AlgoSec.
Two-thirds of respondents (64.5 percent) rated insiders as the greatest security risk. Roughly the same proportion of respondents (66 percent) expressed concern that allowing employees to bring their own device to work increased the risk of security breaches. About 40 percent reported that employee devices increase the overall risk of network and application outages.
According to the survey findings, next-generation firewall adoption is on the rise, while poor change management processes are a major operations challenge, often resulting in network and application outages. A majority of respondents (60 percent) cited poor processes and lack of visibility into security policies as the greatest challenge of managing network security devices.
"Increasing complexity in network security not only impacts an organization’s ability to protect itself from cyber-threats, but also hampers business agility," Nimmy Reichenberg, vice president of marketing and business development for AlgoSec, said in a statement. "Based on the survey results, it’s clear that organizations are faced with increasing insider threats as well as rising risk of network and application outages, but process improvement and better security policy enforcement that leverages automation can provide significant dividends."
Less than 20 percent of respondents said that the majority of their organization’s security controls were in the cloud, and the larger the organization, the less likely it was to have cloud-based security, the report found. More than three-quarters of respondents (76.6 percent) suffered a network or application outage due to an out-of-process change, an increase of 21.1 percent from last year’s findings.
The vast majority of businesses surveyed (80.6 percent) said they had suffered an outage, security breach or decreased network performance due to an application-related rule change. In exchange for increased security, 56 percent of respondents said they had increased work to manage the firewall process, with 46 percent citing they must make more changes.
In addition, the number of respondents that have adopted next-generation firewalls (NGFWs) is now at 57 percent, up from 41.2 percent in 2012. Of those who have adopted NGFWs, a majority, 56.5 percent, reports that their objective is to improve protection from attacks.
"While the number of respondents reporting that next-gen firewalls increased their workload declined from last year, most said the new firewalls created more work," the report noted. "Even as organizations centralize their firewall management, time spent managing policies and making changes continues to tax IT departments as complexity rises."