Wednesday,27 November, 2024

Subscribe to Newsletter

HOME
  NEWS
  Knowledge Center
 
News

Cisco and GBM Unveil Latest UAE Security Research at GITEX 2014

Published Oct 14, 2014

The latest UAE workplace Security research findings were unveiled at Gitex today at a press conference hosted by Cisco and Gulf Business Machines (GBM). The results, which draw on responses from over 500 employees in the UAE, uncover two significant issues.

The first shows that employee behaviour is a genuine weak link in cyber security and becoming an increasing source of risk – more through complacency and ignorance than malice - because companies have so insulated employees from the scale of daily threats that people expect the company’s security settings to take care of everything for them.
The second shows that an increasing number of employees feel that security policies are inhibiting innovation and collaboration, and are making it harder for them to do their job effectively – to the point where some employees take steps to circumvent the policy.

The need to factor in behaviour in a threat-centric platform based approach to IT security

The research shows that there is an urgent need to evolve security policies so that they continue to provide the best possible defence to attack from outside the organisation while simultaneously adapting to different types of employee behaviour. Employee behaviour (57%) was second only to organised cybercrime (61%) when employees were asked to identify the top two greatest sources of risk to data security. All of those surveyed use their company’s network for personal transactions – the most popular was personal banking (74%) closely followed by travel bookings and online shopping (63%).

A culture of complacency and ignorance

According to the wide ranging security study, the biggest internal threat stems from a sense of complacency with employees assuming that the company will protect them online. The survey revealed that 41% of people expect their company’s security settings to protect them from any risk, while (46%) believe it is either the company’s or a joint responsibility to keep personal and company data safe. Over half (52%) seem so insulated from the true extent of threats that they think their behaviour has low to moderate impact on security.

This attitude may be a result of policies – and the threats that drive them - not being high profile. While 66% of employees thought their company had a security policy, 14% did not know if there was one or not. Over half, 52% said they weren’t bothered about the policy in any event as it didn’t affect what they do and, 35% said they only notice one exists when they are stopped from doing something by the security settings. As a result 47% admitted to low or moderate levels of adherence to the policies that were in place and more people admitted to being more rigorous about data security at home (25%) than at work (18%).

Furthermore, an astonishing 62% of people are not aware of recent high-profile security breaches such as Heartbleed. As a result, 26% of respondents made no change to their security behaviour and 50% say they still don’t have different passwords for every site and application.

Dabboussi said, “An effective security strategy helps to protect an organisation before, during and after an attack. Worryingly, the survey shows most employees feel so immune to attack that they do not change their behaviour. This needs to be addressed urgently.”

Outmoded approaches to security are inhibiting working patterns and stifling innovation

Employees in the UAE are increasingly looking at IT security as a barrier rather than an enabler for business. The survey revealed that over a third (39%) think IT security is stifling innovation and making it harder to collaborate and 20% believe it is making it harder to do their job. One in five (20%) believe that the costs of lost business opportunity outweigh the costs associated with a potential security breach.

Four distinct IT security behaviour profiles across the UAE

The research, also identified four distinct IT security behaviour profiles across the UAE which could form the basis for behaviour-centric security strategies. Each demonstrates a different level of threat to data security and requires a specific approach in order to limit the risk posed whilst leaving people free to perform at optimum efficiency and effectiveness:

The threat aware – those aware of security risks and who try hard to stay safe online
The well-intentioned – those who try to adhere to policies but who implement on a ‘hit and miss’ basis
The complacent – those who expect the company to provide a comprehensive security environment and therefore do not take individual responsibility for data security
The bored and cynical

Kaizo LimitedA company registered in England and WalesRegistered office: 1 Quality Court, Chancery Lane, London, WC2A 1HRRegistered Number: 07631425

– those who believe the cyber security threat is overhyped and that IT security inhibits their performance and will circumvent policies as a result.

Executive Quotes:

Rabih Dabboussi Managing Director for Cisco in the UAE

“This study confirms the complex challenges facing businesses when it comes to IT security. The results show most employees recognise that the threat from cybercriminals is real and worthy of continuous defence but it also reveals that employee complacency about IT security is increasing the risks for businesses in the UAE. An employee who blindly trusts is one amongst several “weak links” in the security chain. These expose an organisation to greater risks by providing enterprising hackers with multiple doorways that can be unlocked and potentially lead to sensitive data. While better communication and education will help, it won’t solve the culture of complacency uncovered by this study. IT leaders will be compelled to establish more user-friendly security policies that accommodate each behavioural profile in order to lower the risk of a breach across the entire organisation.”

Hani Nofal, Executive Director at GBM

“The way in which people are choosing to work in modern society does not correlate to the investment companies are making in their IT security strategies. These results highlight that employees are aware that existing security policies need to change in order for businesses to maintain a culture of innovation and collaboration, whilst keeping the corporate network, devices and the cloud safe from external attacks. As cybersecurity becomes more of a strategic risk, organisations across the GCC must take a holistic view of the risks and continually improve cybersecurity practices and procedures. For many organisations his has become a key part of daily operations in order to protect the business from internal and external threats, and to ensure weak links, caused by employee behaviour, are minimised, helping to facilitate business agility, innovation and growth.”



Rate This:

Posted by VMD - [Virtual Marketing Department]


Poll
What is your favourite search engine?
Google
Yahoo
Bing

Most Viewed
  Riverbed Launches Industry’s Most Complete Digital Experience Management Solution

  Credence Security to Address Growing Market for GRC Solutions in Middle East Through Partnership with Rsam

  New Mimecast Archive Cloud Capability Streamlines GDPR Management for Email

  Planning and Scheduling Software–Helping Manufacturers Keep Their Customers Happy

  Farsight Security and Infoblox Provide Zero-Hour Protection Against Cyberattacks Due to New Domains

  Fujitsu Launches High-Security Biometric Authentication Solution for Active Directory IT Environments

  Rackspace Wins 2017 Red Hat Innovator of the Year Award

  ServiceNow Survey Shows 2018 as the Year of Automation for Routine Enterprise Work

  4 Tech Hacks to Faster Customer Onboarding

  New Mimecast Report Detects 400% Increase in Impersonation Attacks