Businesses Are Unprepared for a Data Breach
Half of all IT decision-makers say it can take up to a week or more to remove access to sensitive systems, according to the Centrify report.Despite major breaches at iconic organizations such as Sony and the U.S. Office of Personnel Management making headlines, businesses are still woefully unprepared for a data breach, according to a survey of more than 400 IT decision-makers (ITDMs) in the United States and the United Kingdom. The question of who has access to data is also cause for considerable alarm, with 59 percent of U.S. ITDMs and 34 percent of U.K. ITDMs reporting sharing access credentials with other employees at least somewhat often. Another 52 percent of US ITDMs and 32 percent of U.K. decision-makers sharing access at least somewhat often with contractors. Among ITDMs who grant access to contractors, 82 percent in the United States and 68 percent in the United Kingdom say it would be at least somewhat easy for those contractors to gain access to their company’s digital assets, and 53 percent of U.S. respondents and 32 percent of U.K. respondents say it would be at least somewhat easy for a former employee to still log in and access data.
"I think there are two reasons businesses are still lax when it comes to date access. The first is that with the consumerization of IT and the growth of cloud and mobile, most businesses really do not have a solid handle on what IT assets they have any more," Tom Kemp, CEO of Centrify, told eWEEK. "This is commonly referred to as shadow IT. So, the IT organization can’t provide the same level of security policies to apps they don’t know are deployed nor can they apply policies to personally owned devices that are being used to access work-related data and apps."